TechRadar
Efosa Udinmwen

'Our work shows that Rowhammer, which is well-studied on CPUs, is a serious threat on GPUs as well': High-end Nvidia hardware targeted by all-new attacks entering a new "territory."


  • Rowhammer attacks now extend beyond CPUs into high-performance GPUs
  • GPU memory manipulation enables direct access to CPU memory systems
  • New attacks achieve full system compromise through controlled bit flips

Rowhammer has been a known issue on CPU-facing DRAM for more than a decade, but the same weaknesses now apply to high-performance GPUs with potentially similar consequences.

The attacks show that an attacker can induce bit flips on the GPU to gain arbitrary read and write access to all of the CPU's memory.

Three research teams, working independently, revealed that Nvidia's Ampere generation cards, including the RTX 3060 and RTX 6000 models, are vulnerable to these attacks.

What the new attacks actually do

“Our work shows that Rowhammer, which is well-studied on CPUs, is a serious threat on GPUs as well,” said Andrew Kwong, co-author of one of the papers.

“With our work, we… show how an attacker can induce bit flips on the GPU to gain arbitrary read and write access to all of the CPU’s memory, resulting in complete compromise of the machine.”

The first attack, called GDDRHammer, induces an average of 129 bit flips per memory bank on the RTX 6000.

This represents a 64-fold increase compared to previous GPU Rowhammer attempts documented last year.

The second attack, named GeForge and authored by Zhenkai Zhang and his team, achieved 1,171 bit flips against the RTX 3060 and 202 bit flips against the RTX 6000.

Both attacks use novel hammering patterns and a technique called memory massaging to corrupt GPU page tables.

Once the page tables are corrupted, an attacker can gain arbitrary read and write access to the GPU's memory space, and from there, can also access the host CPU's memory, leading to complete system compromise.

A third attack called GPUBreach takes a different and more concerning approach. It exploits memory safety bugs in the Nvidia driver itself rather than relying solely on bit flips.

The researchers behind GPUBreach explained that by corrupting GPU page tables, an unprivileged CUDA kernel can gain arbitrary GPU memory read and write access.

GPUBreach corrupts metadata within permitted buffers, causing out-of-bounds writes that the attacker controls. The result is a root shell on the host machine without requiring any special hardware configuration.

Enabling the IOMMU blocks GDDRHammer and GeForge, but GPUBreach still succeeds even when the IOMMU is enabled in the BIOS.

IOMMU is disabled by default in most systems because enabling it reduces performance, and many administrators leave it disabled for this reason.

However, enabling Error Correcting Codes on the GPU provides some protection against all three attacks.

Both mitigations incur a performance penalty because they reduce available workable memory.
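
A host audit for the two mitigations described above, as an added example that is not from the article or the researchers. It assumes a Linux host where an active IOMMU appears as entries under `/sys/kernel/iommu_groups` and where `nvidia-smi` is installed; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: report whether the IOMMU is active and whether ECC is
# enabled on each Nvidia GPU. Function names are illustrative only.

# Succeeds if the kernel has populated IOMMU groups under the sysfs root
# (default /sys; a different root can be passed for testing).
iommu_active() {
    local root="${1:-/sys}"
    [ -d "$root/kernel/iommu_groups" ] &&
        [ -n "$(ls -A "$root/kernel/iommu_groups" 2>/dev/null)" ]
}

# Reads "name, ecc.mode.current" CSV rows on stdin, prints one verdict per
# GPU, and returns non-zero if any GPU is running without ECC.
ecc_audit() {
    local name mode rc=0
    while IFS=, read -r name mode; do
        [ -z "$name" ] && continue
        mode="${mode# }"    # nvidia-smi separates CSV fields with ", "
        case "$mode" in
            Enabled)  echo "OK    $name: ECC enabled" ;;
            Disabled) echo "WARN  $name: ECC supported but disabled"; rc=1 ;;
            *)        echo "WARN  $name: ECC not available ($mode)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Live check of the current host; non-zero if either mitigation is missing.
audit_host() {
    local rc=0
    if iommu_active; then
        echo "OK    IOMMU active (per the article: stops GDDRHammer and GeForge, not GPUBreach)"
    else
        echo "WARN  IOMMU inactive"; rc=1
    fi
    nvidia-smi --query-gpu=name,ecc.mode.current --format=csv,noheader \
        | ecc_audit || rc=1
    return "$rc"
}

# Run the live audit only where the Nvidia tool is installed.
if command -v nvidia-smi >/dev/null 2>&1; then audit_host; fi
```

A non-zero exit status from `audit_host` makes the script usable as a fleet compliance check.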

The researchers note that only Ampere generation cards from 2020 have been tested, so newer generations may also be vulnerable, but academic research typically lags behind product rollouts.

There are no known instances of Rowhammer attacks being used in the wild, which limits the immediate practical threat.

However, GPUBreach working with IOMMU enabled is particularly troubling for cloud storage providers that share expensive GPU resources among multiple customers.

Via Ars Technica

