Nvidia’s GPU Memory Exploited by New “GeForge” and “GDDRHammer” Rowhammer Attacks, While

The first public details of the new attacks were disclosed in Tom’s Hardware’s April 4, 2026 report, which explains that “GeForge” and “GDDRHammer” extend the original GPU‑Hammer technique by not only flipping bits in VRAM but also chaining those flips to gain read/write access to system RAM and ultimately root privileges on the host CPU [Tomshardware]. Both exploits target the GDDR memory modules that sit on Nvidia’s discrete GPUs, using aggressive row‑activation patterns to induce electromagnetic coupling between adjacent rows—a classic Rowhammer effect that was first demonstrated on DRAM in 2014. By repeatedly hammering specific rows in the GPU’s memory controller, the attacks force a charge imbalance that flips bits in protected VRAM regions, which the attackers then leverage to overwrite page tables and inject malicious code into the kernel space of the host operating system.

The methodology mirrors the earlier “GPUHammer” proof‑of‑concept, which Tom’s Hardware covered last year, showing that a single bit flip could degrade an AI model’s inference accuracy from 80 % to 0.1 % on an RTX A6000 [Tomshardware]. However, GeForge and GDDRHammer go further by automating the discovery of vulnerable rows and chaining multiple flips to construct a full‑system exploit. According to the gddr.fail site, the two attacks share an identical end goal: they “gain root access to the CPU through your GPU, potentially compromising your entire system” [Tomshardware]. The write‑up notes that the attacks are capable of traversing the isolation boundary that Nvidia traditionally advertises for its VRAM, effectively turning the GPU into a conduit for privilege escalation.

While the attacks focus on the memory substrate, Nvidia’s parallel work on neural texture compression demonstrates a different side of VRAM utilization. VideoCardz.com reports that Nvidia’s new neural texture compression pipeline can shrink texture footprints from 6.5 GB to just 970 MB, a roughly 85 % reduction in VRAM consumption [VideoCardz.com]. This advancement, aimed at improving graphics performance and reducing memory bandwidth pressure, underscores how tightly coupled compute and memory resources have become on modern GPUs. The same hardware that enables massive compression gains is also the vector for the Rowhammer exploits, highlighting a trade‑off between aggressive memory access patterns for performance and the increased susceptibility to disturbance attacks.

Security researchers have warned that the Rowhammer‑style attacks on GPUs are not merely theoretical. Tom’s Hardware cites an Ars Technica story that confirms the feasibility of using these bit flips to “take control over the system RAM” after compromising the GPU’s VRAM [Tomshardware]. The report emphasizes that the attacks require no physical access; they can be launched from user‑level code running on the GPU, making them attractive to adversaries who can deliver malicious shaders or compute kernels. Because the GPU’s memory controller operates at higher frequencies and with tighter timing margins than typical DRAM, the window for successful hammering is larger, and existing mitigations designed for CPU memory are less effective.

Mitigation strategies remain nascent. Nvidia has not yet released firmware updates or hardware revisions specifically addressing the new Rowhammer vectors, and the company’s public documentation continues to tout VRAM isolation as a security feature. The absence of vendor‑provided countermeasures means that system administrators must rely on software‑level defenses, such as limiting untrusted GPU workloads, monitoring anomalous memory access patterns, and applying kernel hardening patches that validate page‑table integrity. As the attacks mature, the industry will likely see a push for memory‑controller redesigns that incorporate error‑correcting codes (ECC) or row‑refresh throttling tailored to GDDR modules, mirroring the protections that have been adopted for DRAM in recent years.