New Rowhammer Attacks Enable Complete System Compromise on Nvidia GPUs
Key Takeaways
- ▸Two independent research teams demonstrated GDDRHammer attacks that grant complete root control of machines running NVIDIA Ampere GPUs through DRAM bit flip exploitation
- ▸The attack achieves 129 average bit flips per memory bank (64x improvement over prior work) and enables arbitrary read/write access to CPU memory for full system compromise
- ▸Vulnerability affects NVIDIA RTX 6000 Ampere cards with default BIOS settings; newer Ada generation GPUs are not vulnerable due to updated GDDR technology
Summary
Two independent research teams have demonstrated novel Rowhammer attacks against NVIDIA's Ampere generation GPUs that grant attackers complete root control of host machines. The attacks, collectively referred to as GDDRHammer (Graphics DDR/Greatly Disturbing DRAM Rows), exploit bit flip vulnerabilities in GPU memory to gain arbitrary read/write access to CPU memory, resulting in full system compromise. This represents a significant escalation from previous GPU Rowhammer work, which achieved only modest results with limited damage.
The GDDRHammer attack uses novel hammering patterns and memory massaging techniques to induce an average of 129 bit flips per memory bank—a 64-fold increase over prior GPU Rowhammer research. By manipulating GPU page tables and breaking memory isolation, attackers can gain full access to both GPU and CPU memory. The vulnerability affects NVIDIA's RTX 6000 Ampere cards when IOMMU memory management is disabled, a default BIOS setting. However, the attack does not work against newer Ada generation GPUs that use updated GDDR technology.
This discovery is particularly concerning given that high-performance GPUs costing $8,000 or more are frequently shared among dozens of users in cloud environments, creating significant security risks. The research extends the decade-long evolution of Rowhammer attacks, which have progressively targeted newer DRAM types and architectures, from CPUs to GPUs, demonstrating that GPU memory hardware faces similar susceptibility to malicious bit flip exploitation.
- High-performance GPU sharing in cloud environments creates significant security risk, as a single malicious user can compromise the entire host machine
Editorial Opinion
This research demonstrates that Rowhammer vulnerabilities, long considered a CPU concern, represent an equally serious threat on GPU hardware. The 64-fold improvement in bit flip efficiency compared to prior GPU Rowhammer work is alarming, particularly given the widespread use of shared GPU resources in cloud computing. Hardware vendors must prioritize IOMMU protections as default settings and accelerate the deployment of Rowhammer-resistant GDDR technology across all GPU generations.
