Nvidia GPU Rowhammer Exploits Escalate to Full Host Machine Takeover

High-performance GPUs, often priced at $8,000 or more, are commonly shared across multiple users in cloud computing environments. Recent findings show that malicious actors can exploit this setup to gain full root control over host systems. Three new attacks leverage novel Rowhammer techniques targeting Nvidia’s GPU cards, turning hardware vulnerabilities into systemic security breaches.

Rowhammer attacks capitalize on memory hardware’s susceptibility to bit flips, where stored binary values switch from 0 to 1 or vice versa. In 2014, initial research demonstrated that rapid, repeated access to DRAM memory could induce electrical disturbances causing these flips. A year later, another team proved that targeting specific DRAM rows could escalate an unprivileged user to root or bypass security sandboxes. That work focused on DDR3 DRAM generations.

Over the past decade, Rowhammer methods have expanded significantly. Attacks now target a broader range of DRAM types, including DDR3 with error-correcting code protections and DDR4 generations equipped with Target Row Refresh and ECC safeguards. New techniques like Rowhammer feng shui and RowPress enable precise targeting of small memory regions holding sensitive data. These advancements have enabled attacks that work over local networks, root Android devices, and steal 2048-bit encryption keys.

Last year marked the first successful Rowhammer attack against GDDR DRAM used in high-performance Nvidia GPUs. However, the results were limited: researchers achieved only eight bit flips, a small fraction compared to CPU DRAM attacks, and the impact was confined to degrading neural network outputs on the targeted GPU.

On Thursday, two independent research teams presented attacks on Nvidia’s Ampere-generation GPUs that push GPU rowhammering into more dangerous territory. These new exploits use GDDR bit flips to gain full control over CPU memory, leading to complete system compromise of the host machine. For the attack to succeed, IOMMU memory management must be disabled, a default setting in many BIOS configurations.
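Because the attacks depend on the IOMMU being disabled, a host operator can audit that precondition directly. The following script is an added example, not code from the researchers or from Nvidia: it assumes a Linux host with the standard sysfs PCI layout, and the function names and the `SYSFS_ROOT` / `CMDLINE_FILE` overrides are hypothetical. Passthrough mode is reported separately because the article does not say whether it blocks the attack.

```shell
#!/bin/sh
# Added example: report whether each Nvidia PCI device sits behind an active IOMMU.
# SYSFS_ROOT and CMDLINE_FILE are overridable so the check can run on a copied tree.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
CMDLINE_FILE="${CMDLINE_FILE:-/proc/cmdline}"

# Prints off | passthrough | default, based on kernel boot parameters.
iommu_cmdline_mode() {
    mode=default
    for arg in $(cat "$CMDLINE_FILE" 2>/dev/null); do
        case "$arg" in
            iommu=off|intel_iommu=off|amd_iommu=off) mode=off; break ;;
            iommu=pt|iommu.passthrough=1) mode=passthrough ;;
        esac
    done
    echo "$mode"
}

# Prints "<PCI address> <state>" for every device with Nvidia's vendor ID (0x10de).
# unprotected: no IOMMU group for the device, or the IOMMU is disabled at boot
# passthrough: grouped, but host DMA is identity-mapped rather than translated
# translated:  grouped, with no boot parameter weakening translation
nvidia_iommu_report() {
    mode=$(iommu_cmdline_mode)
    for dev in "$SYSFS_ROOT"/bus/pci/devices/*; do
        [ -r "$dev/vendor" ] || continue
        [ "$(cat "$dev/vendor")" = "0x10de" ] || continue
        if [ "$mode" = off ] || [ ! -e "$dev/iommu_group" ]; then
            state=unprotected
        elif [ "$mode" = passthrough ]; then
            state=passthrough
        else
            state=translated
        fi
        echo "$(basename "$dev") $state"
    done
}

# Returns 0 only if every Nvidia device is translated, 1 if any is not,
# and 2 if no Nvidia device was found.
nvidia_iommu_ok() {
    report=$(nvidia_iommu_report)
    [ -n "$report" ] || return 2
    echo "$report" | grep -qv ' translated$' && return 1
    return 0
}

if [ "${1:-}" = "--report" ]; then nvidia_iommu_report; fi
```

A device reported as `unprotected` matches the disabled-IOMMU condition the attacks require; the fix is to enable the IOMMU in firmware and remove any boot parameter that turns it off.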
