The cost of high-performance GPUs, typically $8,000 or more, means they are frequently shared among dozens of users in cloud environments. Two new attacks demonstrate how a malicious user can gain full root control of a host machine by performing novel Rowhammer attacks on high-performance GPU cards made by Nvidia.
The attacks exploit memory hardware’s increasing susceptibility to bit flips, in which 0s stored in memory switch to 1s and vice versa. In 2014, researchers first demonstrated that repeated, rapid access—or “hammering”—of memory hardware known as DRAM creates electrical disturbances that flip bits. A year later, a different research team showed that by targeting specific DRAM rows storing sensitive data, an attacker could exploit the phenomenon to escalate an unprivileged user to root or evade security sandbox protections. Both attacks targeted DDR3 generations of DRAM.
From CPU to GPU: Rowhammer’s decade-long journey
Over the past decade, dozens of newer Rowhammer attacks have evolved to, among other things:
This is an intriguing topic! The implications of Rowhammer attacks on high-value Nvidia GPUs are definitely worth discussing. It’s important to stay informed about such vulnerabilities in our tech landscape.
Absolutely, it’s fascinating to consider the security risks associated with such costly hardware. The fact that these GPUs are often shared among multiple users only heightens the potential for exploitation. It might be interesting to explore how cloud computing environments could implement better safeguards against these types of attacks.
You’re right, the high value of these GPUs makes them attractive targets for attackers. It’s interesting to note that the shared nature of these resources in data centers can amplify the impact of Rowhammer attacks, potentially compromising multiple systems at once.
It’s interesting to consider how the shared nature of these GPUs in data centers could complicate security measures. With multiple users accessing the same hardware, the risk of spreading vulnerabilities increases significantly. Implementing strict access controls might be essential to mitigate these threats.