- Rowhammer attacks now extend beyond CPUs to high-performance GPUs
- GPU memory manipulation enables direct access to CPU memory systems
- New attacks achieve full system compromise through controlled bit flips
Rowhammer has been a known problem on CPU-facing DRAM for more than a decade, but the same weaknesses now apply to high-performance GPUs with potentially similar consequences.
The attacks show that an attacker can induce bit flips on the GPU to gain arbitrary read and write access to the entire CPU’s memory.
Three research teams working independently revealed that Nvidia’s Ampere generation cards, including the RTX 3060 and RTX 6000 models, are vulnerable to these attacks.
What the new attacks actually do
“Our work shows that Rowhammer, which is well-studied on CPUs, is also a serious threat to GPUs,” said Andrew Kwong, co-author of one of the papers.
“With our work, we show how an attacker can induce bit-flips on the GPU to gain arbitrary read and write access to the entire CPU’s memory, resulting in complete compromise of the machine.”
The first attack, called GDDRHammer, induces an average of 129 bit flips per memory bank on RTX 6000.
This represents a 64-fold increase compared to previous GPU Rowhammer experiments documented last year.
The second attack, called GeForge and authored by Zhenkai Zhang and his team, achieved 1,171 bit flips against the RTX 3060 and 202 bit flips against the RTX 6000.
Both attacks use new hammering patterns and a technique called memory massage to corrupt GPU page tables.
When the page tables are corrupted, an attacker can gain arbitrary read and write access to the GPU’s memory space, and from there they can also access the host CPU’s memory, leading to complete system compromise.
A third attack called GPUBreach takes a different and more worrying approach. It exploits memory-safety flaws in the Nvidia driver itself instead of relying solely on bit flips.
The researchers behind GPUBreach explained that by corrupting GPU page tables, an unprivileged CUDA kernel can gain arbitrary GPU memory read and write access.
GPUBreach corrupts metadata within allowed buffers, causing out-of-bounds writes that the attacker controls – the result is a root shell on the host machine without requiring any special hardware configuration.
Enabling the IOMMU blocks GDDRHammer and GeForge, but GPUBreach still succeeds even with the IOMMU enabled in the BIOS.
IOMMU is disabled by default on most systems because enabling it reduces performance, and many administrators leave it disabled for this reason.
However, enabling debug codes on the GPU provides some protection against all three attacks.
Both mitigations incur a performance penalty because they reduce the available usable memory.
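A BIOS switch alone does not prove the GPU's DMA is actually being translated, so the IOMMU mitigation is worth verifying per device. The following is an added example, not code from the article or the researchers: it assumes a Linux host with the standard sysfs PCI layout and a kernel that exposes the IOMMU group `type` attribute, and the function name `gpu_iommu_report` is hypothetical. It goes slightly beyond the article by flagging identity (passthrough) mode, where an IOMMU group exists but the device's DMA is not remapped.

```shell
#!/bin/sh
# Added example: report the IOMMU state of every NVIDIA display device.
# Argument: sysfs root (normally /sys; a constructed tree when testing).
# Prints "<pci-address> <state>" per GPU. Returns 0 if every GPU is
# DMA-translated, 1 if any is not, 2 if no NVIDIA GPU was found.
gpu_iommu_report() {
    root=${1:-/sys}
    found=0
    weak=0
    for dev in "$root"/bus/pci/devices/*; do
        [ -r "$dev/vendor" ] && [ -r "$dev/class" ] || continue
        # 0x10de is NVIDIA's PCI vendor ID.
        [ "$(cat "$dev/vendor")" = "0x10de" ] || continue
        # PCI base class 0x03 = display controller (VGA 0x0300, 3D 0x0302).
        case "$(cat "$dev/class")" in
            0x03*) ;;
            *) continue ;;
        esac
        found=1
        if [ ! -e "$dev/iommu_group" ]; then
            # No group link: the kernel is not managing this device via an IOMMU.
            state=no-iommu-group
        elif [ -r "$dev/iommu_group/type" ]; then
            case "$(cat "$dev/iommu_group/type")" in
                DMA|DMA-FQ) state=dma-translated ;;
                # Identity domain: group exists, but DMA addresses are not remapped.
                identity)   state=identity-passthrough ;;
                *)          state=other ;;
            esac
        else
            # Older kernels do not expose the group type.
            state=unknown
        fi
        [ "$state" = dma-translated ] || weak=1
        echo "${dev##*/} $state"
    done
    [ "$found" -eq 1 ] || return 2
    return "$weak"
}

# Check the live system only when asked: sh gpu_iommu.sh --check
if [ "${1:-}" = "--check" ]; then gpu_iommu_report /sys; fi
```

A `dma-translated` result covers only the IOMMU mitigation; as the article notes, GPUBreach works with the IOMMU enabled.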
The researchers note that only 2020-generation Ampere cards have been tested — so newer generations may also be vulnerable, but academic research typically lags behind product rollouts.
There are no known cases of Rowhammer attacks being used in the wild, limiting the immediate practical threat.
However, GPUBreach operating with IOMMU enabled is of particular concern to cloud storage providers that share expensive GPU resources between multiple customers.
Via Ars Technica



