GPUHammer demonstrates that Rowhammer bit flips are practical on GPU memories, specifically on GDDR6 in NVIDIA A6000 GPUs. By exploiting these vulnerabilities, attackers can significantly degrade the accuracy of machine learning models, highlighting a critical security concern for shared GPU environments.

Researchers have successfully demonstrated a Rowhammer attack against the GDDR6 memory of an NVIDIA A6000 GPU, revealing that a single bit flip could drastically reduce the accuracy of deep neural network models from 80% to 0.1%. Nvidia has acknowledged the findings and suggested enabling error-correcting code (ECC) as a mitigation strategy, although it may impact performance and memory capacity. The researchers have also created a dedicated website for their proof-of-concept code and shared their detailed findings in a published paper.