[AI Summary]: University of Toronto researchers have discovered that Rowhammer attacks, previously known to affect CPU memory, are also effective against GPUs equipped with GDDR memory, potentially causing “catastrophic brain damage” to AI models with accuracy dropping from 80% to 0.1%. The team, led by Assistant Professor Gururaj Saileshwar along with PhD student Chris Lin and undergraduate Joyce Qu, demonstrated the GPUHammer attack on an NVIDIA RTX A6000 GPU, showing that a single bit flip could massively degrade model performance. This vulnerability particularly threatens cloud computing environments where multiple users share GPU resources, and while NVIDIA has issued a security notice recommending error correction code (ECC) as a remedy, this solution slows down machine learning tasks by up to 10%.
- Institution: University of Toronto
- Researchers: Gururaj Saileshwar, Chris (Shaopeng) Lin, Joyce Qu
- Publication: USENIX Security Symposium 2025
- Date: September 3, 2025