Nvidia advised customers to ensure mitigations against Rowhammer attacks are in place after researchers found that one of its workstation-grade GPUs is susceptible. The advisory noted that researchers at the University of Toronto demonstrated successful Rowhammer exploitation on an NVIDIA A6000 GPU with GDDR6 memory where System-Level ECC was not enabled. The company recommended that customers ensure System-Level ECC is enabled on many models in its Blackwell, Ada, Hopper, Ampere, Jetson, Turing, and Volta product lines.
Source: https://www.theregister.com/2025/07/13/infosec_in_brief/
TPRM report: https://scoringcyber.rankiteo.com/company/nvidia
"id": "nvi556071425",
"linkid": "nvidia",
"type": "Vulnerability",
"date": "7/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Semiconductors',
'name': 'Nvidia',
'type': 'Technology Company'},
{'industry': 'Automotive',
'name': 'Mercedes-Benz',
'type': 'Automotive Company'},
{'industry': 'Automotive',
'name': 'Volkswagen',
'type': 'Automotive Company'},
{'industry': 'Automotive',
'name': 'Skoda',
'type': 'Automotive Company'},
{'customers_affected': 27000,
'industry': 'Cryptocurrency',
'name': 'Bitcoin Depot',
'type': 'Financial Services'},
{'customers_affected': 100000,
'industry': 'Taxation',
'location': 'UK',
'name': "HMRC (His Majesty's Revenue and Customs)",
'type': 'Government Agency'}],
'attack_vector': ['Rowhammer', 'Bluetooth Exploits', 'Phishing', 'Data Theft'],
'customer_advisories': True,
'data_breach': {'number_of_records_exposed': 127000,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
"Driver's License Numbers",
'Email Addresses',
'Addresses',
'Dates of Birth']},
'date_detected': ['July 9, 2024', 'June 23, 2024', '2024'],
'date_publicly_disclosed': ['July 9, 2024', 'June 13, 2025'],
'description': 'A series of cyber incidents involving vulnerabilities in '
'Nvidia GPUs, Bluetooth exploits in cars, and data breaches '
'affecting Bitcoin Depot and UK tax authorities.',
'impact': {'data_compromised': ['Personal Information',
"Driver's License Numbers",
'Email Addresses',
'Addresses',
'Dates of Birth'],
'systems_affected': ['Nvidia A6000 GPU',
'Bluetooth Entertainment Systems',
'Bitcoin Depot Servers']},
'initial_access_broker': {'entry_point': ['Bluetooth', 'Phishing']},
'investigation_status': 'Completed',
'motivation': ['Financial Gain', 'Data Theft'],
'post_incident_analysis': {'corrective_actions': ['Patching',
'Enabling ECC',
'Security Reviews'],
'root_causes': ['Vulnerabilities in Bluetooth '
'Stack',
'Lack of ECC',
'Phishing Attacks']},
'recommendations': ['Enable System-Level ECC',
'Patch Vulnerabilities',
'Conduct Security Reviews'],
'references': [{'date_accessed': 'July 9, 2024', 'source': 'Nvidia Advisory'},
{'date_accessed': '2024', 'source': 'PCA Cyber Security'},
{'date_accessed': '2024', 'source': 'GitHub'},
{'date_accessed': '2024', 'source': 'The Washington Post'},
{'date_accessed': 'June 13, 2025', 'source': 'Bitcoin Depot'}],
'response': {'law_enforcement_notified': True,
'remediation_measures': ['Patching Vulnerabilities',
'Enabling ECC']},
'title': 'Multiple Cyber Incidents Involving Nvidia, Bluetooth '
'Vulnerabilities, and Data Breaches',
'type': ['Vulnerability Exploitation', 'Data Breach'],
'vulnerability_exploited': ['Rowhammer',
'CVE-2024-45434',
'CVE-2024-45432',
'CVE-2024-45433',
'CVE-2024-45431']}