The notorious Rowhammer security attack technique has spread to a new medium with proven attacks on Nvidia GPUs.The attack, known as GPUHammer, allows a threat actor to manipulate memory contents, potentially allowing for security bypass or data leaks. The technique, developed by a trio of researchers from the University of Toronto, marks the first time Rowhammer has been demonstrated on Nvidia A6000 GPUs running GDDR6 memory.The Rowhammer technique has been known for years. By repeatedly activating specific rows of memory, an attacker can potentially flip bit values in adjacent rows. Should an attacker be able specifically target rows and bits, they can potentially alter critical security settings and reveal sensitive data from memory contents.While Rowhammer attacks had been proven effective against certain types of DRAM, they had yet to be shown on GPU-based GDDR6 memory chips. This is in part due to the higher latency of the memory modules and the way in which memory is mapped in the GPU modules, making row recognition more difficult.In short, GPU memory is more difficult to hammer with any sort of regularity or accuracy, making the attacks far less reliable and practical.What the Toronto trio of Chris Lin, Joyce Qu and Gururaj Saileshwar discovered, however, is that the handling of virtual memory addresses for large banks of memory could be reverse engineered. This would allow a threat actor to reliably identify a physical memory address and conduct a rowhammer-type attack that could flip bit values for specific memory locations.“Using these bit-flips, we demonstrate for the first time ac[1]curacy degradation attacks on ML models running on a GPU, that affect a wide range of deep learning models,” the researchers explained.“We show that bit-flips can occur in the most-significant bit of the expo[1]nent in FP16-representation weights, significantly altering the value of the parameter and degrading the accuracy.”Being able to conduct rowhammer attacks on GPU hardware is particularly relevant as many developers and vendors are increasingly relying on GPU hardware for specific computing tasks.Operations such as machine learning and virtualized computing deployments rely on the distributed nature of GPU hardware, making the units more important than ever for IT environments.The researchers reckon that by cracking the Rowhammer technique for GPUs, it is possible to disrupt multi-tenant deployments, allowing the threat actor to access the memory contents of other instances running on the same server.While there is a mitigation for the flaw, it comes with a price. The researchers said that while the attacks can be slowed via the use of error correction codes (ECC) those mitigations can also have a negative impact on machine learning performance, in some cases slowing activity by as much as 10%.
AI/ML, Supply chain
Rowhammer attacks spread to Nvidia GPUs with attacks on GDDR6 memory
(Adobe Stock)
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Shaun Nichols
A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds