New Rowhammer Attacks on Nvidia GPUs Compromise Host Machines

High-performance GPUs, often shared in cloud environments due to their high cost, are now targets for two new Rowhammer attacks that can give attackers full root control over host machines. These attacks, GDDRHammer and GeForge, exploit the vulnerability of GPU memory to bit flips, a phenomenon where memory bits switch from 0 to 1 or vice versa due to electrical disturbances. Originally discovered in DRAM used in CPUs, Rowhammer attacks have evolved over the past decade to affect various DRAM types, including those with error-correcting codes and protections.

## Evolution of Rowhammer Attacks

Rowhammer attacks have historically targeted CPU memory, but recent research has shown that GPU memory is equally susceptible. Last year, researchers demonstrated that GDDR DRAM used in Nvidia GPUs could be affected, though the impact was limited. Now, two independent research teams have shown that attacks on Nvidia's Ampere generation GPUs can lead to full system compromise by flipping bits in GPU memory, which in turn affects CPU memory.

## GDDRHammer and GeForge Attacks

GDDRHammer, targeting the RTX 6000, uses novel hammering patterns and memory massaging to induce a significant number of bit flips, breaking the isolation of GPU page tables and allowing attackers to read and write to GPU memory. GeForge, on the other hand, manipulates the last-level page directory to achieve similar results on the RTX 3060 and RTX 6000, ultimately allowing attackers to open a root shell on the host machine.

## Mitigation Strategies

To mitigate these vulnerabilities, enabling IOMMU in BIOS settings can prevent GPUs from accessing sensitive memory locations. Error Correcting Codes (ECC) can also be enabled, though both solutions come with performance trade-offs. Currently, only the RTX 3060 and RTX 6000 are known to be vulnerable, but future GPU generations might also be at risk.

## Implications for Security

These findings highlight the need for GPU manufacturers and users to be aware of the potential security risks posed by Rowhammer attacks. While no known instances of such attacks have been used in the wild, the research serves as a warning that GPU memory vulnerabilities could have serious security implications.