High-performance GPUs, often priced at $8,000 or higher, are commonly shared across multiple users in cloud computing setups. Three newly identified attacks reveal how an adversary can achieve complete root access to a host system by executing advanced Rowhammer techniques on Nvidia’s GPU cards. These methods leverage the growing vulnerability of memory hardware to bit flips, where stored binary values inadvertently switch from 0 to 1 or the reverse.
In 2014, initial research demonstrated that rapid, repeated access to DRAM memory—termed “hammering”—induces electrical interference capable of flipping bits. A year later, another team showed that targeting specific DRAM rows containing sensitive data could allow an unprivileged user to escalate privileges to root or bypass security sandboxes. Both early exploits focused on DDR3 DRAM generations.
Over the last ten years, Rowhammer attacks have diversified significantly. They now target a broader array of DRAM types, including DDR3 with error-correcting code (ECC) and DDR4 with protections like Target Row Refresh. New hammering methods, such as Rowhammer feng shui and RowPress, concentrate on minute memory regions holding critical data. These techniques have enabled attacks over local networks, rooting of Android devices, and theft of 2048-bit encryption keys.
Last year marked the first successful Rowhammer attack against GDDR DRAM used in high-performance Nvidia GPUs. However, the impact was limited: researchers induced only eight bit flips, a small number compared to CPU DRAM exploits, and the damage merely degraded the output of a neural network running on the targeted GPU.
On Thursday, two independent research teams presented attacks on two Nvidia Ampere generation cards, advancing GPU rowhammering into more severe territory. These exploits use GDDR bit flips to gain full control over CPU memory, leading to complete compromise of the host machine. For the attacks to succeed, IOMMU memory management must be disabled, which is the default setting in BIOS configurations.
