GPUHammer is turning heads for all the wrong reasons.
Researchers from the University of Toronto have exposed a severe vulnerability that could cripple the accuracy of AI models on certain GPUs using GDDR6 memory-dropping performance from 80% to a shocking 0.1% with just a single-bit flip.
This exploit, inspired by the well-known RowHammer attack on DRAM, targets the video memory of high-end GPUs-specifically, the NVIDIA RTX A6000. By triggering controlled bit flips in DRAM banks through a process called GPUHammer, the researchers managed to corrupt memory just enough to cause deep learning models to spiral into uselessness.
Using around 12,000 activation cycles per flip, the researchers synchronized their attack with DRAM refresh cycles after reverse-engineering bank mappings and optimizing hammering patterns. The damage? Catastrophic-ImageNet models running on the RTX A6000 dropped from 80% accuracy to practically zero.
Interestingly, this vulnerability doesn’t affect all GPUs equally. Cards like the RTX 3080 use GDDR6X instead of GDDR6, and newer architectures like the RTX 5090, A100, and H100, which rely on HBM (High Bandwidth Memory), showed no signs of susceptibility. The underlying difference appears to stem from the memory chip vendors (Samsung, Micron, SK Hynix) and architectural protections.
Fortunately, enabling ECC (Error-Correcting Code) memory on affected GPUs like the A6000 can prevent GPUHammer attacks entirely by catching and correcting single-bit errors. The trade-off? Around 10% performance loss in ML inference workloads and a reduction in usable VRAM by up to 6.25%-a serious consideration for data centers running large-scale models.
NVIDIA has acknowledged the issue and published a security notice urging system-level ECC enforcement on vulnerable systems. Meanwhile, their newer Hopper and Blackwell GPUs come with ECC enabled by default, offering protection right out of the box.
For now, unless you’re specifically using an RTX A6000 without ECC enabled, there’s no reason to panic. But the findings serve as a wake-up call: even hardware long considered immune to RowHammer-style attacks can be brought to its knees with precise engineering.