The world of cybersecurity is once again in a frenzy, as researchers have uncovered a new and insidious threat to high-performance GPUs, specifically those made by Nvidia. This time, the culprit is a pair of sophisticated Rowhammer attacks, GDDRHammer and GeForge, that can give malicious users complete control over machines running these GPUs. The implications are dire, as these attacks exploit the very hardware that powers some of the most powerful computing systems in the world.
The Rise of Rowhammer
Rowhammer, a decade-old vulnerability, has been a persistent headache for CPU manufacturers. It leverages the increasing susceptibility of memory hardware to bit flips, where 0s and 1s in memory can be switched at will. The original attack in 2014 demonstrated that rapid access to memory could create electrical disturbances, and a follow-up in 2015 showed how targeting specific DRAM rows could escalate privileges and bypass security sandboxes. These attacks primarily targeted DDR3 DRAM.
Over the years, Rowhammer has evolved, targeting newer DRAM types like DDR4 with error-correcting code (ECC) protections and employing novel techniques like Rowhammer feng shui and RowPress to zero in on small regions of sensitive data. It has also been used to root Android devices, steal encryption keys, and even work over local networks. However, until now, Rowhammer attacks had not been successfully demonstrated against GPUs.
GDDRHammer and GeForge: A New Threat
The recent attacks, GDDRHammer and GeForge, are particularly concerning. They exploit the fact that high-performance GPUs, like those from Nvidia's Ampere generation, are often shared among dozens of users in cloud environments, making them vulnerable to malicious activity. The attacks demonstrate how a malicious user can gain full root control of a host machine by performing novel Rowhammer attacks on these GPUs.
GDDRHammer, which stands for Graphics DDR and Greatly Disturbing DRAM Rows, targets the RTX 6000 from Nvidia's Ampere generation. It uses novel hammering patterns and memory massaging to induce an average of 129 flips per memory bank, a significant increase over previous attacks. This allows the attacker to manipulate the memory allocator and break the isolation of GPU page tables, giving them read and write access to GPU memory.
GeForge, on the other hand, targets the last-level page directory instead of the page table. It was able to induce 1,171 bit flips against the RTX 3060 and 202 bit flips against the RTX 6000. Both attacks conclude by opening a root shell window, allowing the attacker to issue commands with unfettered privileges on the host machine.
The Role of Memory Massaging
A key technique used in both attacks is memory massaging, which involves steering page tables into regions that aren't protected against electrical disturbances. GDDRHammer uses Rowhammer to flip bits that allocate access to the protected region, while GeForge isolates and manipulates the page directory entries to redirect pointers into attacker-controlled memory.
Mitigation and Future Concerns
The researchers emphasize that both the RTX 3060 and RTX 6000 cards are vulnerable, and changing BIOS defaults to enable IOMMU can close the vulnerability. However, IOMMU is disabled by default for compatibility and performance reasons. Another mitigation is to enable ECC on the GPU, but some Rowhammer attacks can still bypass these protections.
The true value of this research is to raise awareness among GPU makers and users about the potential severity of Rowhammer attacks. While there are no known instances of these attacks being used in the wild, the potential for widespread compromise is a serious concern. As the pace of academic research lags behind product rollouts, it's crucial for GPU manufacturers to stay vigilant and implement robust security measures to protect their users.
