A decade-old class of memory attack has been given a dangerous new life — this time targeting modern NVIDIA graphics cards. New research has shown that GDDR6 GPU memory is vulnerable to Rowhammer-style attacks that can ultimately give an attacker full control of the host computer. If you own a GeForce RTX card from the Ampere generation, this one is worth paying close attention to.

What Is Rowhammer — and Why Is It Back?

Rowhammer was first publicly disclosed back in 2014. The core idea is straightforward but unsettling: by repeatedly hammering the same rows in a DRAM memory chip, an attacker can cause nearby bits to flip their values — a 1 becomes a 0, or vice versa. These aren’t random glitches. They’re exploitable. And the original attacks, which targeted system RAM, were eventually patched and mitigated in most modern hardware.

The new research — disclosed at gddr.fail (yes, that’s the actual disclosure domain) and detailed by Ars Technica — shows the same class of attack can now be repurposed for GDDR6, the high-speed memory used in modern NVIDIA GPUs. The two research efforts are named GDDRHammer and GeForge, and together they represent a genuinely worrying extension of an attack method that the industry thought it had mostly contained.

How the Attack Actually Works — Plain English Version

Here’s the chain of events an attacker would trigger. First, they repeatedly access the same memory rows on the GPU’s GDDR6 chips until nearby bits start flipping — the Rowhammer effect. Those bit flips then corrupt the GPU’s page tables: the internal maps that tell the graphics card which areas of memory it is and isn’t allowed to touch.

Once those mappings are damaged, the GPU can essentially be redirected to read and write into CPU memory — the main system memory that your operating system and every running application rely on. That’s the moment it becomes a full machine compromise. An attacker who can trigger this remotely, say through malicious GPU compute code or a compromised browser, could in theory gain root-level access to the entire machine.

Which GPUs Are Actually Vulnerable?

The public demonstrations were carried out on a GeForce RTX 3060 and an Ampere-generation workstation GPU. NVIDIA’s own security advisory explicitly referenced the RTX A6000, noting GDDR6 memory as the relevant component. The GDDRHammer research paper reported that nearly all tested RTX A6000 cards were susceptible to induced bit flips.

The news is better for newer hardware. Researchers also tested RTX 3080, RTX 4060, RTX 4060 Ti, and RTX 5050 cards and reported they did not observe bit flips on those models. The Ada-generation RTX 6000 also showed no induced bit flips in testing, with researchers suggesting that GDDR6X — used in higher-end Ada cards — likely benefits from stronger mitigation than standard GDDR6.

As for the RTX 50 series: NVIDIA states that GDDR7-equipped cards, including the entire GeForce RTX 50 lineup, implement on-die ECC that provides indirect protection against Rowhammer-style attacks. RTX 50 cards are not confirmed as affected by either research paper.

What Can You Do About It Right Now?

Both the official gddr.fail FAQ and NVIDIA point to enabling ECC — Error Correcting Code memory — as the primary software-side mitigation. ECC can be toggled on via the command line on supported cards and helps catch and correct memory bit errors before they can be exploited.

That said, ECC comes with real trade-offs that make it less suitable as a blanket fix for consumer gaming systems. Enabling it reduces usable GPU memory and carries a performance penalty — neither of which is appealing for a gaming PC. For workstation and enterprise deployments where the risk is more acute, it makes considerably more sense.

The broader takeaway is that GPU memory — long assumed to be isolated from the rest of the system — is not as sandboxed as everyone believed. As GPUs take on more compute tasks beyond gaming, including AI inference, browser rendering, and general-purpose workloads, the attack surface they represent grows with them. This research is a timely reminder that security doesn’t stop at the CPU.