- Rowhammer attacks now extend beyond CPUs to high-performance GPUs
- GPU memory manipulation allows direct access to CPU memory systems
- New attacks compromise the entire system through controlled bit flips
Rowhammer has been a known problem in CPU-oriented DRAM for over a decade, but the same weaknesses now apply to high-performance GPUs with potentially similar consequences.
The attacks show that an attacker can induce bit flips on the GPU to gain arbitrary read and write access to all CPU memory.
Three research teams, working independently, revealed that Nvidia's Ampere generation cards, including the RTX 3060 and RTX 6000 models, are vulnerable to these attacks.
What the new attacks actually do
“Our work shows that Rowhammer, which is well studied on CPUs, is also a serious threat to GPUs,” said Andrew Kwong, co-author of one of the papers.
“With our work, we… show how an attacker can induce bit flips on the GPU to gain arbitrary read and write access to the entire CPU memory, resulting in a complete machine compromise.”
The first attack, called GDDRHammer, induces an average of 129 bit flips per memory bank on the RTX 6000.
This represents a 64x increase compared to previous GPU Rowhammer attempts documented last year.
The second attack, called GeForge and written by Zhenkai Zhang and his team, achieved 1,171 bit flips against the RTX 3060 and 202 bit flips against the RTX 6000.
Both attacks use new hammering patterns and a technique called memory massaging to corrupt GPU page tables.
Once the page tables are corrupted, an attacker can gain arbitrary read and write access to the GPU memory space and from there can also access the host CPU memory, completely compromising the system.
A third attack called GPUBreach takes a different and more concerning approach. It exploits memory safety bugs in the Nvidia driver itself instead of relying solely on bit flips.
The researchers behind GPUBreach explained that by corrupting GPU page tables, an unprivileged CUDA kernel can gain arbitrary read and write access to GPU memory.
GPUBreach corrupts metadata within the allowed buffers, causing writes outside the attacker-controlled boundaries. The result is a root shell on the host machine without requiring any special hardware configuration.
Enabling the IOMMU blocks GDDRHammer and GeForge, but GPUBreach still succeeds even when the IOMMU is enabled in the BIOS.
The IOMMU is disabled by default on most systems because enabling it reduces performance, and many administrators leave it disabled for this reason.
However, enabling error correction codes on the GPU provides some protection against all three attacks.
Both mitigations carry a performance penalty because they reduce available working memory.
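One way to check a Linux host for the two mitigations discussed above, as an added example that is not from the article or the research papers. It assumes the kernel exposes IOMMU groups under `/sys/kernel/iommu_groups` and that `nvidia-smi` is installed on audited hosts; the GPU names in the sample input are constructed.

```shell
#!/bin/sh
# Added example: audit a Linux host for the two mitigations named above.
# IOMMU stops GDDRHammer and GeForge but not GPUBreach; ECC gives some
# protection against all three, so the two are reported separately.

# iommu_active [DIR]: succeed if the kernel has populated IOMMU groups.
# DIR defaults to the standard sysfs path; the parameter exists for testing.
iommu_active() {
    dir=${1:-/sys/kernel/iommu_groups}
    [ -d "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]
}

# ecc_report: read "name, ecc mode" CSV lines on stdin, in the shape printed by
#   nvidia-smi --query-gpu=name,ecc.mode.current --format=csv,noheader
# Prints one verdict per GPU and returns 1 if any GPU is running without ECC.
ecc_report() {
    rc=0
    while IFS=, read -r name mode; do
        [ -n "$name" ] || continue
        mode=$(printf '%s' "$mode" | tr -d ' \r')
        case "$mode" in
            Enabled)  echo "OK   $name: ECC enabled" ;;
            Disabled) echo "WARN $name: ECC supported but disabled"; rc=1 ;;
            *)        echo "WARN $name: ECC not reported ($mode)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# audit: live check of this host; non-zero if either mitigation is missing.
audit() {
    status=0
    if iommu_active; then echo "OK   IOMMU active"
    else echo "WARN IOMMU inactive (check firmware and kernel)"; status=1; fi
    if command -v nvidia-smi >/dev/null 2>&1; then
        nvidia-smi --query-gpu=name,ecc.mode.current --format=csv,noheader \
            | ecc_report || status=1
    else
        echo "SKIP nvidia-smi not found"
    fi
    return "$status"
}

# Constructed sample input (not captured from real hardware) for offline runs.
SAMPLE_SMI='example-gpu-0, Enabled
example-gpu-1, Disabled
example-gpu-2, [N/A]'
if [ "${1:-}" = "--audit" ]; then audit
else printf '%s\n' "$SAMPLE_SMI" | ecc_report || true; fi
```

Run with `--audit` on a GPU host to check live state; without arguments it only parses the constructed sample.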
The researchers note that only cards from the 2020 Ampere generation have been tested. Newer generations may also be vulnerable, since academic research generally lags behind product launches.
There are no known cases of Rowhammer attacks used in the wild, limiting the immediate practical threat.
However, GPUBreach working with IOMMU enabled is particularly concerning for cloud storage providers that share expensive GPU resources between multiple customers.
Via Ars Technica