Cmpunlocker says patched Nvidia open kernel modules can expose 64GB of HBM on an 8GB CMP 170HX or 40GB on a 10GB card while removing an SM throttle. The exploit mechanism is documented, but the retained evidence does not independently validate the tool across full-memory workloads, error rates, power use or A100-class performance.
Cmpunlocker could turn a heavily restricted mining card into useful high-memory compute. It has not yet established the harder proposition: that the result is reliable, economical or close enough to an Nvidia A100 to justify deployment outside an experimental Linux system.
The project repository says it patches Nvidia’s open Linux kernel modules so an unlock path runs whenever the driver boots the GPU System Processor on a CMP 170HX with PCI device ID 0x20C2. It claims to remove the streaming-multiprocessor throughput restriction and rewrite the card’s memory geometry.
The profiles are not interchangeable:
| Card’s reported capacity before patching | Capacity Cmpunlocker says it exposes | Claimed compute state |
|---|---|---|
| 8GB | 64GB | Full SM throughput |
| 10GB | 40GB | Full SM throughput |
Those are project claims, not results independently reproduced in the retained material. The archived repository’s proof-of-concept section names memory and performance tests but contains no retained benchmark values. It also showed no published releases. The source package identifies open-source contributors and a Discord support channel, but no company, financing, validation lab, warranty or commercial support operation behind the tool.
Deployment is unusually narrow. The installer requires Linux on x86-64, root access, matching kernel headers, Python 3 and Nvidia’s open 610.43.0x driver stack already installed. Secure Boot must be disabled because the patched modules are unsigned, and first installation needs network access to download matching kernel-module sources. The tool installs only patched kernel modules, not Nvidia’s userspace libraries or firmware.
The installer reads the stock capacity through nvidia-smi, selects a profile and builds modules into the running kernel’s module tree. A cold power-off reboot may be necessary. “Persistence” therefore means the patched driver repeats the change at boot; it does not permanently convert or validate the board.
Jon Pry’s research record describes the CMP 170HX as the same GA100 die used by the A100, constrained to one-thirty-second of the SM math rate, 10GB instead of 80GB of memory and a PCIe Gen1 rather than Gen4 link. Pry reported changing all three restricted axes from a rooted host without a signing key, debug fuse or physical access, though the link did not reach Gen3 or Gen4.
The entry point was arbitrary code execution in the GPU’s Heavy Secure Falcon coprocessor. Its stack protector could be bypassed because the reference canary sat in writable memory reachable by the same overflow it was meant to detect. Offline emulation allowed a payload to pass the canary check and run after signature verification, opening privilege masks that protected fuse-override registers.
Pry reported roughly 31-to-62-fold compute gains, an eightfold increase in capacity and a twofold link improvement. Those are measured gains from the research implementation, not benchmark results for the current Cmpunlocker repository. The paper’s description also says PCIe Gen3, on-die ECC and runtime HBM retiming resisted the attack.
A technical account of Pry’s work further limits the comparison. It says only half of the expanded memory ran at stock timing without stress-test errors; loosening timings eliminated the reported errors but reduced memory performance by about one-third. It also reports that ECC was not enabled and PCIe Gen3 was not reached. Its later update attributes the 8GB-to-64GB claim to a separate driver-based exploit described by a Chinese source. The retained trail therefore shows how the claim emerged, but it does not establish that all exposed memory on Cmpunlocker is reliable across cards and sustained workloads.
The account speculates that some CMP parts or memory failed full quality criteria. Pry’s description is more cautious: it calls the restrictions commercially imposed and says the remaining limits may not be unbreakable because the relevant fuses and initialization were not fully understood. Neither supports assuming that every disabled unit is sound; neither proves that it is defective.
Nvidia introduced CMP in February 2021 to direct professional miners away from GeForce cards. The company said CMP products did not do graphics, lacked display outputs and used lower peak voltage and frequency to improve mining efficiency. It separately said RTX 3060 drivers would cut Ethereum mining efficiency by about 50%.
CMP revenue then fell quickly. Nvidia reported $266 million of CMP revenue in the 13-week quarter ended Aug. 1, 2021, in its second-quarter filing. That was about 4.1% of Nvidia’s $6.51 billion total revenue and about 65% of the $409 million OEM and Other category in which CMP was recorded.
In the next 13-week quarter, CMP revenue was $105 million, the following filing shows. The $161 million sequential decline was about 61%; CMP fell to about 1.5% of Nvidia’s $7.10 billion total revenue and 45% of OEM and Other. These calculations use the like-for-like quarterly figures in the filings. They show a short-lived product wave, not the size of today’s secondhand supply or demand for repurposed cards.
The technical account puts the CMP 170HX at roughly $5,000 when new and $200 to $300 later. It gives no marketplace sample, observation date, card condition, shipping cost or failure rate, so that range cannot establish a current acquisition price. Nor do the retained sources supply system power, cooling, host, maintenance or card-to-card yield data. A low listing price alone cannot support a cost-per-token or cost-per-job comparison with supported accelerators.
Cmpunlocker is not the first attempt to recover compute from the CMP 170HX. A 2025 preprint tested CUDA source changes that avoided particular fused multiply-add instruction paths. Across OpenCL Benchmark, mixbench and LLAMA-benchmark, its author reported FP32 performance above 15 times the original result and more than threefold inference improvement at certain precision levels.
That workaround was software-specific and only partially restored performance, whereas Cmpunlocker claims a lower-level removal of the SM restriction. But it is a relevant substitute: operators able to modify workloads may recover useful performance without patching privileged kernel modules, changing memory geometry or disabling Secure Boot. The preprint’s retained abstract does not provide enough detail for a like-for-like comparison of power, model, batch size, precision or absolute throughput against either Cmpunlocker or an A100.
The strongest evidence supports a narrower description than an A100 conversion:
| Decision factor | What the retained evidence supports | What remains unproved for Cmpunlocker |
|---|---|---|
| Compute | The repository claims full SM throughput; Pry measured gains of roughly 31–62x in the research implementation | Independent absolute performance by workload and precision, including an A100 baseline |
| Memory capacity | The repository claims 64GB on 8GB cards and 40GB on 10GB cards | Full-capacity stress results, error rates and variation across multiple boards |
| Memory speed | A technical account says stable expanded memory required timings that cut performance by about one-third | Effective bandwidth and latency for both Cmpunlocker profiles |
| Reliability | ECC was not enabled in the research described by the retained sources | Long-duration error behavior and a recovery policy for silent or detected faults |
| Interconnect | Pry measured a twofold link gain but did not reach PCIe Gen3; Cmpunlocker does not advertise a PCIe unlock | Host-transfer bottlenecks, PCIe state after patching and any multi-GPU scaling |
| Operations | The repository documents install, verification and removal commands | Driver-update compatibility, signed-module support, fleet rollback and vendor accountability |
The GA100 lineage explains why the unlock is interesting. It does not supply the A100’s validated configuration, ECC behavior, interconnects, software support or performance guarantees. Even the memory terminology is not uniform across the retained sources: the repository calls it HBM2e, while the technical account calls it HBM2. This article therefore uses “HBM” where the distinction is not established by a retained primary specification.
The next useful evidence is not another capacity screenshot. It is a reproducible test set for both the 8GB and 10GB variants: multiple boards per profile; cold-boot and driver-update success rates; full-address-space stress tests; detected and silent error counts; effective bandwidth; wall-power measurements; and absolute workload results at named precisions, batch sizes and software versions.
Those results should be compared with a supported accelerator and with the 2025 source-level workaround on the same host. Acquisition price must be recorded with card condition, shipping, host, cooling and failure replacement costs. Only then can an operator calculate capacity per dollar, performance per watt and total cost per completed job on compatible terms.
Until that evidence exists, Cmpunlocker is best treated as a credible exploit path wrapped in an early deployment tool—not as a cheap A100. The buyer’s decision is whether experimental access to more GA100 resources is worth root-level patching, disabled Secure Boot and unknown memory reliability, not whether two product names have become equivalent.
Get concise AI news and useful context from the Magica team.
Read the newsletterChristian Faith Madison’s estate alleges GPT-4o sustained a months-long narrative of prophecy, sacrifice and resurrection before her death. Public safety disclosures and controlled research make that failure mode plausible, but neither establishes which model behavior she encountered or whether it caused her death.
Shanghai AI Laboratory has released Intern-S2-Preview-397B as downloadable weights and a hosted API, but its own 35B alternative offers the same context window and a far smaller disclosed scale while the larger model still lacks auditable comparative scores, pricing and physical-validation results.
Mixfont's free Decoy Font gives each glyph a sharp decoy and a blurred intended letter, creating a hurdle for pixel-based readers while leaving selectable text, known-image techniques and accessibility costs outside its protection.
Zhipu reportedly reached $1 billion in annual recurring revenue in July, roughly four times a March estimate, but the unconfirmed run rate is not annual sales and still sits far ahead of recognized cloud revenue while margins remain thin.
Anthropic workers are giving to federal candidates in unusual numbers, but the largest AI-politics balance sheets remain concentrated among executives and super PACs. The comparisons show a new donor network—not a unified bloc, proof of company direction or evidence that spending decides elections.
Reddit says upgraded automated systems block 23 million spam views daily and reduce exposure, but its disclosure does not identify how much caught spam is AI-generated or provide the denominators and error rates needed to judge the filter.
Elon Musk says xAI's 2-trillion-parameter Grok 4.6 will finish initial training next week. The claim sets a checkpoint, not a release date, and leaves too little technical or commercial detail for a sound comparison with Kimi K3.
A review classified 88 of 120 repositories linked to AI-flagged Flathub submissions as abandoned, a stark result that helps explain reviewer frustration but does not measure AI’s effect on software maintenance or the ban’s impact.
IBM says customers diverted late-quarter budgets to scarce AI hardware. Its own product results show why investors now need proof that delayed mainframe and software deals were not lost priorities.
An unidentified industry source says at least one Nvidia board partner has physical RTX 50 Super cards but cannot sell them, with 3GB GDDR7 quoted at $60 to $70 per chip. The reported memory bill explains a plausible pricing problem, but neither Nvidia nor a second independent source has confirmed the products, the hold or the component terms.
Anthropic’s 20-year lease gives TeraWulf a customer for 401 megawatts of future AI infrastructure, but rent starts only after delivery and the proposed utility deal passes power and grid costs to TeraWulf, leaving financing and project margin unresolved.
OpenAI has put conversations and Projects back in its redesigned ChatGPT desktop app and enabled cloud Work threads to move across devices, correcting the launch's biggest usability failures without merging local Work or Codex histories.
Twenty-nine countries signed an agreement creating WAICO as an independent intergovernmental organization, while China paired the launch with capacity-building offers that are not yet confirmed as WAICO programs.
Meta reportedly plans to put departing AWS compute executive Dave Brown to work on its data-center buildout, adding hyperscale operating experience while leaving any customer-facing cloud business conditional and undefined.
Moonshot AI has made Kimi K3 available through its apps and API, pairing a 2.8-trillion-parameter architecture with early frontier-level results, but the model's open-weight claim cannot be tested until its weights and technical report arrive.
CIA Director John Ratcliffe said US intelligence is consistent with an estimate that Russian recruits last 20 to 30 minutes on Ukraine’s battlefield, but the public trail leads to an unsourced claim about assault troops and does not establish a representative average.
China has paired a five-year AI training offer for developing countries with cooperation centers, a weather-warning rollout and a new 29-country organization. The package gives Beijing a platform for influence, but no budget, selection rules or delivery timetable has been published.
Disney Jr.’s first preschool series made for YouTube pairs the company with AI-focused studio Animaj, but neither partner has said whether Animaj’s tools were used on Ozzy Fox or what they changed.
A UK Jurisdiction Taskforce statement says ordinary negligence law could make a professional liable for not using a suitable AI tool when a competent peer would have done so. The analysis binds no court, and the cost, accuracy, professional-practice and causation evidence needed to apply that test remains unsettled.
Moonshot AI’s Kimi K3 and OpenCode passed 22 of 24 tasks in Vercel’s Next.js agent evaluation, tying three rival stacks at 92%; changing tests, different agent harnesses and missing cost data narrow what the result proves.