GPU Rowhammer Attacks Escalate: NVIDIA Ampere Cards Vulnerable to Full System Takeover
Introduction
Recent security research has unveiled a new wave of Rowhammer attacks targeting NVIDIA graphics cards, specifically from the Ampere generation. These attacks demonstrate a significant escalation in the threat landscape, as they allow adversaries to gain complete control over the host system's CPU memory, leading to a full system compromise. This article delves into the details of these attacks, their mechanisms, and the implications for users and organizations.

What is Rowhammer?
Rowhammer is a well-known hardware vulnerability affecting DRAM modules. By repeatedly accessing (hammering) a row of memory cells, an attacker can induce bitflips in adjacent rows. While extensively studied on CPUs, this vulnerability has now been proven to be a serious threat on GPUs as well.
The New Attacks on NVIDIA Ampere GPUs
On Thursday, two independent research teams demonstrated attacks on NVIDIA's Ampere generation cards, specifically targeting GDDR memory. These attacks, named GDDRHammer and GeForge, exploit the Rowhammer effect to corrupt GPU memory and subsequently gain full control over the host CPU's memory.
GDDRHammer: Manipulating GPU Page Tables
The first paper, titled "GDDRHammer: Greatly Disturbing DRAM Rows – Cross-Component Rowhammer Attacks from Modern GPUs," shows how an attacker can induce bitflips on the GPU to gain arbitrary read/write access to all of the CPU's memory. This results in a complete compromise of the machine. The attack works by exploiting the last-level page table, a critical structure for memory management.
GeForge: Forging GPU Page Tables
The second attack, "GeForge: Hammering GDDR Memory to Forge GPU Page Tables for Fun and Profit," takes a similar approach but targets the last-level page directory instead of the page table. The researchers were able to induce 1,171 bitflips against the RTX 3060 and 202 bitflips against the RTX 6000. By corrupting GPU page table mappings, GeForge achieves read and write access to the GPU memory space and then escalates privileges over host CPU memory. The proof-of-concept exploit for the RTX 3060 concludes by opening a root shell window, giving the attacker unrestricted command execution on the host machine.
Conditions for Exploitation
Both GDDRHammer and GeForge require that the IOMMU (Input-Output Memory Management Unit) is disabled. Disabled is the default setting in BIOS configurations, which leaves many systems vulnerable out of the box.

Third Attack: Breaking IOMMU Protection
In a significant development, researchers unveiled a third Rowhammer attack on Friday, April 3. This attack targets the RTX A6000 and achieves privilege escalation to a root shell. Crucially, it works even when IOMMU is enabled, bypassing a key protective measure. This expands the scope of vulnerability to systems that have IOMMU activated.
Implications for Security
These attacks highlight that Rowhammer is a serious threat not only on CPUs but also on GPUs. As GPUs are increasingly used for tasks like machine learning, cryptocurrency mining, and graphics rendering, their integration into systems means that compromising them can lead to total system control. The ability to achieve root access from a GPU exploit is particularly alarming.
Users and administrators should ensure that IOMMU is enabled where possible, though the third attack shows this is not a foolproof defense. Keeping GPU firmware and drivers updated is also advisable. Additionally, organizations should consider hardware-level mitigations, such as using DRAM with enhanced Rowhammer resistance (e.g., TRR or ECC).
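To check the IOMMU condition described above on a Linux host, the following added example (not code from the researchers or from NVIDIA) reads sysfs and reports, for each NVIDIA display-class PCI device, whether it sits in an IOMMU group and whether that group translates DMA or passes it through. The function names and the `SYSFS_ROOT` variable are assumptions of this example. It covers only the precondition of GDDRHammer and GeForge, not the third attack.

```sh
#!/bin/sh
# Added example: report IOMMU coverage for NVIDIA display devices on Linux.
# SYSFS_ROOT is an assumption of this example so the check can run against
# a constructed tree; leave it empty on a live host.

# Print one line per NVIDIA display-class PCI device: "<pci-address> <state>"
#   none      device is in no IOMMU group (IOMMU off or unsupported)
#   identity  group exists but DMA is passed through untranslated
#   DMA*      DMA is translated by the IOMMU
#   unknown   group exists but the kernel does not expose its domain type
gpu_iommu_report() {
    root="${1:-${SYSFS_ROOT:-}}"
    for dev in "$root"/sys/bus/pci/devices/*; do
        [ -r "$dev/vendor" ] || continue
        [ "$(cat "$dev/vendor")" = "0x10de" ] || continue   # NVIDIA PCI vendor ID
        case "$(cat "$dev/class" 2>/dev/null)" in
            0x03*) ;;                                       # display controller class
            *) continue ;;
        esac
        if [ ! -e "$dev/iommu_group" ]; then
            state=none
        elif [ -r "$dev/iommu_group/type" ]; then
            state=$(cat "$dev/iommu_group/type")
        else
            state=unknown
        fi
        echo "${dev##*/} $state"
    done
}

# Return 0 only if every reported GPU has translated DMA; 1 otherwise.
gpu_iommu_ok() {
    report=$(gpu_iommu_report "${1:-}")
    [ -n "$report" ] || return 0            # no NVIDIA GPU found
    echo "$report" | while read -r addr state; do
        case "$state" in
            DMA*) ;;
            *) echo "WARN $addr iommu=$state" >&2; exit 1 ;;
        esac
    done
}

# Print the report when the script is invoked with --run.
if [ "${1:-}" = "--run" ]; then gpu_iommu_report; fi
```

A state of `identity` means the IOMMU is switched on but the device's DMA is not translated, so it should be treated the same as `none` for this check.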
Conclusion
The demonstrated Rowhammer attacks against NVIDIA Ampere GPUs represent a major escalation in memory corruption threats. With two attacks requiring disabled IOMMU and a third circumventing it, the need for comprehensive security measures is clear. As research continues, further vulnerabilities may emerge, underscoring the importance of proactive defense strategies in hardware security.