New Rowhammer Attacks - Full Control of Nvidia GPUs

In short, new attacks let hackers take control of computers that use Nvidia graphics cards.
New Rowhammer attacks exploit Nvidia GPUs, allowing attackers to gain complete control over host machines. This vulnerability poses significant risks for cloud environments. Users should take immediate action to secure their systems.
What Happened
Recent research has unveiled two new Rowhammer attacks targeting Nvidia's high-performance GPUs, specifically the RTX 3060 and RTX 6000. These attacks, named GDDRHammer and GeForge, allow attackers to gain full root control of host machines by exploiting vulnerabilities in GPU memory. This is particularly alarming given the widespread use of these GPUs in cloud environments, where they are often shared among multiple users.
The Flaw
Rowhammer exploits the susceptibility of memory hardware to bit flips, where stored bits in memory unexpectedly change from 0s to 1s or vice versa. This phenomenon has been known since 2014, but the recent attacks extend its impact from CPUs to GPUs. By repeatedly accessing ("hammering") specific memory rows, attackers can manipulate memory access and escalate privileges.
What's at Risk
The implications of these attacks are severe. By successfully executing GDDRHammer or GeForge, an attacker can gain arbitrary read/write access to both GPU and CPU memory. This means they can potentially control the entire system, leading to data breaches, unauthorized access, and complete system compromise.
Technical Details
GDDRHammer, for instance, achieved an average of 129 bit flips per memory bank, marking a significant increase over previous attacks. It operates by manipulating the GPU's memory allocator, breaking the isolation of GPU page tables and allowing access to sensitive data. Similarly, GeForge manipulates the last-level page directory to achieve host privilege escalation.
Patch Status
Currently, the RTX 3060 and RTX 6000 are confirmed vulnerable. To mitigate these risks, users should enable IOMMU in their BIOS settings, which restricts GPU access to sensitive memory locations. Additionally, enabling Error Correcting Codes (ECC) on the GPU can provide another layer of protection, although this may come with performance trade-offs.
Immediate Actions
For users of Nvidia GPUs, the immediate steps include:
- Check if your GPU is among the vulnerable models (RTX 3060 and RTX 6000).
- Enable IOMMU in BIOS settings to restrict memory access.
- Consider enabling ECC for additional protection against memory errors.
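The checks in the list above can be scripted on a Linux host. This is an added example, not code from the researchers or Nvidia: the function names, the `--live` switch and the sample lines are assumptions made for illustration, and the model strings are the two named in this article.

```shell
#!/bin/sh
# Added example: audit a Linux host for the mitigations listed above.
# Model strings come from the article; adjust them to what nvidia-smi reports.

# Succeeds if the kernel has populated at least one IOMMU group.
iommu_active() {
    dir="${1:-/sys/kernel/iommu_groups}"
    [ -d "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]
}

# Classify one "name, ecc.mode.current" CSV line from nvidia-smi.
classify_gpu() {
    name="${1%,*}"      # text before the last comma
    ecc="${1##*, }"     # text after the last ", "
    case "$name" in
        *"RTX 3060"*|*"RTX 6000"*) listed=yes ;;
        *)                         listed=no ;;
    esac
    # nvidia-smi prints Enabled, Disabled or [N/A]; only Enabled counts.
    case "$ecc" in Enabled) ecc=on ;; *) ecc=off ;; esac
    printf 'listed=%s ecc=%s name=%s\n' "$listed" "$ecc" "$name"
}

# Print findings; return 1 if the IOMMU is off or a listed GPU lacks ECC.
audit_host() {
    rc=0
    if iommu_active "${2:-/sys/kernel/iommu_groups}"; then echo "iommu=on"; else echo "iommu=off"; rc=1; fi
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        result="$(classify_gpu "$line")"
        echo "$result"
        case "$result" in "listed=yes ecc=off"*) rc=1 ;; esac
    done <<EOF
$1
EOF
    return "$rc"
}

# Constructed sample input, used unless the script is run with --live.
SAMPLE_CSV='NVIDIA GeForce RTX 3060, [N/A]
Example RTX 6000, Enabled'
if [ "${1:-}" = "--live" ]; then
    audit_host "$(nvidia-smi --query-gpu=name,ecc.mode.current --format=csv,noheader)"
else
    audit_host "$SAMPLE_CSV" || echo "result: action needed"
fi
```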
Conclusion
As these attacks demonstrate, the Rowhammer vulnerability has evolved significantly, now posing a serious threat to GPU security. With the rapid pace of GPU deployment, it is crucial for users and organizations to stay informed and implement necessary safeguards to protect their systems.