Rowhammer attacks exploit weaknesses in DRAM hardware through targeted bit manipulation, allowing attackers to bypass memory isolation and gain control of the device. Initially, these attacks focused on CPUs and their associated DDR memory. However, recent research indicates that NVIDIA GPUs (and potentially those from other vendors) are also vulnerable through the dedicated GDDR6 memory they use.
Researchers have spent more than a decade studying Rowhammer attacks, a computer security vulnerability that exploits a breakdown in the isolation between DRAM memory cells. The attacks take advantage of the growing susceptibility of memory hardware to bit flips, in which 0s stored in memory become 1s and vice versa. In 2014, researchers demonstrated for the first time that rapid, repeated access (called "hammering") to DRAM rows creates electrical disturbances that flip bits. A year later, another research team demonstrated that by hammering specific rows of DRAM that store sensitive data, an attacker could exploit the phenomenon to elevate an unprivileged user to administrator or to escape sandbox security protections.
Both attacks targeted the DDR3 generation of DRAM. In essence, attackers corrupt memory by repeatedly accessing cells so that charge leaking between neighbouring rows alters stored bits. A new study suggests that the risk is greater than previously thought and that the widely recommended ECC mitigation is not foolproof.
Rowhammer attacks, also effective on GPUs
Studies conducted by researchers at UNC Chapel Hill and Georgia Tech have shown that Rowhammer attacks against GDDR6 memory can grant kernel-level access on Linux systems equipped with graphics cards based on NVIDIA's Ampere and Ada Lovelace architectures. Research teams from the two institutions, working independently, have discovered ways to exploit this memory weakness in modern graphics hardware. That is a potentially serious problem given the enormous deployment of NVIDIA graphics cards across all market segments.
This type of attack takes malicious manipulation of GPUs into new and potentially much more serious territory: bit manipulation of GDDR memory gives attackers full control of CPU memory, resulting in total compromise of the host system.
"Our work demonstrates that Rowhammer, a widely studied attack on CPUs, also represents a serious threat to GPUs," said Andrew Kwong, co-author of one of the research articles, "GDDRHammer: Rowhammer attacks between modern GPU components: serious disruption of DRAM rows". According to the author, it demonstrates how an attacker can induce bit flips on the GPU to gain arbitrary read/write access to the entire CPU memory.
The new research shows that more aggressive techniques, such as multi-directional Rowhammer attacks that hammer a target row from several neighbouring rows at once, can corrupt much more data. In some cases, successful attacks can grant arbitrary read and write access to both GPU and CPU memory.
The research groups have developed working exploits, "GDDRHammer" and "GeForge", that use Rowhammer bit manipulation on NVIDIA GPUs with GDDR6 memory to gain full control of CPU memory. The attack has so far been confirmed on the GeForce RTX 3060 consumer graphics card and on the RTX 6000 and RTX A6000 workstation GPUs, escalating privileges all the way to administrator access.
"By corrupting the GPU page tables, an unprivileged CUDA kernel can gain arbitrary access to GPU memory (read/write) and subsequently chain that ability with privilege escalation on the CPU side, taking advantage of recently discovered memory safety flaws in the NVIDIA driver," the researchers explained. "The result is a system vulnerability that reaches root access."
Mitigations and scope
The researchers indicated that the main mitigation is to change the default BIOS settings to enable the IOMMU. The IOMMU, short for Input/Output Memory Management Unit, maps the virtual addresses visible to a device onto physical addresses in host memory. It can be used to restrict a device's access to certain parts of memory, although it is not foolproof, as these investigations have shown with working exploits against the RTX A6000 graphics card that escalate privileges to administrator access. That attack works even with the IOMMU enabled.
The other mitigation is well known: enable error correction codes (ECC) on the GPU, which NVIDIA allows you to do from the command line. As with the IOMMU, enabling ECC carries a performance cost, and it also reduces the total amount of usable memory. Additionally, some Rowhammer attacks can bypass ECC mitigations.
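A small audit script for the two mitigations described above (host IOMMU and GPU ECC), added here as an example and not taken from the article or the researchers' code. It assumes `nvidia-smi` is installed for the live check; the query fields and the `-e 1` switch are real `nvidia-smi` options, while the sample output used for offline classification is constructed.

```shell
#!/bin/sh
# Constructed sample of:
#   nvidia-smi --query-gpu=name,ecc.mode.current,ecc.mode.pending --format=csv,noheader
# (first card had `nvidia-smi -e 1` run but has not been rebooted yet)
SAMPLE_ECC='NVIDIA RTX A6000, Disabled, Enabled
NVIDIA GeForce RTX 3060, Enabled, Enabled'

# Classify one CSV line "name, current, pending".
# Prints: ok | pending-reboot | missing
ecc_status() {
    current=$(printf '%s' "$1" | cut -d, -f2 | tr -d ' ')
    pending=$(printf '%s' "$1" | cut -d, -f3 | tr -d ' ')
    if [ "$current" = "Enabled" ]; then
        echo ok
    elif [ "$pending" = "Enabled" ]; then
        echo pending-reboot   # ECC requested; takes effect after a reboot
    else
        echo missing          # remediation: nvidia-smi -i <index> -e 1, then reboot
    fi
}

# Count GPUs in the CSV text ($1) whose ECC is not yet active.
ecc_gaps() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ "$(ecc_status "$line")" = ok ] || echo "$line"
    done | wc -l | tr -d ' '
}

# The kernel exposes one directory per IOMMU group when an IOMMU is active.
# $1 overrides the sysfs root (hypothetical parameter, used for offline testing).
iommu_enabled() {
    root=${1:-/sys/kernel/iommu_groups}
    [ -d "$root" ] && [ -n "$(ls -A "$root" 2>/dev/null)" ]
}

# Live audit on a real host (uncomment to run):
# nvidia-smi --query-gpu=name,ecc.mode.current,ecc.mode.pending --format=csv,noheader \
#   | while IFS= read -r l; do echo "$l -> $(ecc_status "$l")"; done
# iommu_enabled && echo "IOMMU: active" || echo "IOMMU: not active (enable VT-d / AMD-Vi in firmware)"
```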
In an email, an NVIDIA representative said that customers seeking information about their exposure and what actions they should take can consult the page the company published last year in response to the earlier GPUHammer attack. The representative did not offer further details about the new research, whose real value lies in alerting manufacturers and customers to the potential for Rowhammer attacks against GPUs as well, which can seriously compromise security.
That said, for the moment the danger of Rowhammer attacks on GPUs is limited. So far, only three graphics models have been compromised, although, according to the researchers, it would not be surprising if the most recent generations of graphics cards from NVIDIA, AMD or Intel were susceptible to the same type of attack; since the pace of academic research often lags well behind the speed of product launches, there is currently no way to know.
Additionally, top-tier cloud platforms typically offer much higher levels of security than those enabled by default on hobbyist and home-user computers. Another important point: there are no known cases of Rowhammer attacks against GPUs being actively used in the wild, so security researchers and vendors have time to explore additional mitigations against an attack class that has plagued computer security for more than a decade by leveraging an inherent side effect of how dynamic random access memory, or DRAM, operates.
