Rowhammer Attack Against NVIDIA Chips
Source: Schneier on Security
Overview
Two independent research teams have demonstrated Rowhammer attacks on NVIDIA Ampere‑generation GPUs that can corrupt GDDR memory and give an attacker full control over the host CPU’s memory. The attacks rely on disabling IOMMU memory management, which is the default BIOS setting.
“Our work shows that Rowhammer, which is well‑studied on CPUs, is a serious threat on GPUs as well,” said Andrew Kwong, co‑author of the paper “GDDRHammer: Greatly Disturbing DRAM Rows‑Cross‑Component Rowhammer Attacks from Modern GPUs.” “With our work, we… show how an attacker can induce bit flips on the GPU to gain arbitrary read/write access to all of the CPU’s memory, resulting in complete compromise of the machine.”
GDDRHammer
- Goal: Induce bit flips in GDDR6 memory to corrupt the GPU’s last‑level page table (LLPT), allowing arbitrary read/write access to CPU memory.
- Key Findings:
  - Works on RTX A6000 and other Ampere GPUs.
  - Requires IOMMU to be disabled.
  - Demonstrated full system compromise of the host machine.
GeForge
- Paper Title: GeForge: Hammering GDDR Memory to Forge GPU Page Tables for Fun and Profit
- Technique: Similar to GDDRHammer but targets the last‑level page directory (LLPD) instead of the LLPT.
- Results:
  - Induced 1,171 bit flips on an RTX 3060.
  - Induced 202 bit flips on an RTX 6000.
  - Corrupted GPU page‑table mappings in GDDR6, granting read/write access to GPU memory and, subsequently, to host CPU memory.
  - The proof‑of‑concept exploit on the RTX 3060 opens a root shell on the host, allowing unrestricted command execution.
Update (April 3)
A third Rowhammer attack was disclosed targeting the RTX A6000. Unlike the previous two attacks, this variant succeeds even when IOMMU is enabled, achieving privilege escalation to a root shell.
Impact
- Rowhammer attacks are not limited to CPUs; modern GPUs can be leveraged to compromise system memory.
- Disabling IOMMU (the default BIOS configuration) makes systems vulnerable.
- Even with IOMMU enabled, newer attack techniques can still achieve full system compromise.
These findings highlight the need for stronger mitigations in GPU memory controllers and system firmware to protect against cross‑component Rowhammer attacks.
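The IOMMU point above is the one setting an administrator can verify today. The script below is an added example, not code from the post or from either paper: it reports whether each NVIDIA PCI device on a Linux host is attached to an IOMMU group, and whether the kernel command line forced the IOMMU off or into passthrough mode. It assumes the standard Linux sysfs layout noted in the comments; the sysfs root and cmdline path are parameters so the logic can be exercised against a constructed directory tree.

```shell
#!/usr/bin/env bash
# Added example, not code from the post or from either paper: check whether the
# NVIDIA PCI devices on a Linux host sit behind an active IOMMU. Assumes the
# standard sysfs layout: <sysroot>/bus/pci/devices/<bdf>/vendor holds "0x10de"
# for NVIDIA, and <bdf>/iommu_group is a symlink into
# <sysroot>/kernel/iommu_groups/<n> only when an IOMMU driver manages the device.
# The sysfs root and cmdline path are parameters so the logic can be exercised
# against a constructed directory tree.

# Prints one line per NVIDIA device. Returns 0 if every NVIDIA device is in an
# IOMMU group, 1 if at least one is not, 2 if no NVIDIA device was found.
nvidia_iommu_check() {
  local sysroot="${1:-/sys}"
  local dev bdf found=0 missing=0
  for dev in "$sysroot"/bus/pci/devices/*; do
    [ -r "$dev/vendor" ] || continue
    [ "$(cat "$dev/vendor")" = "0x10de" ] || continue
    found=1
    bdf=$(basename "$dev")
    if [ -e "$dev/iommu_group" ]; then
      echo "$bdf: iommu_group $(basename "$(readlink -f "$dev/iommu_group")")"
    else
      echo "$bdf: NOT in an IOMMU group (device DMA is unrestricted)"
      missing=1
    fi
  done
  [ "$found" -eq 1 ] || return 2
  [ "$missing" -eq 0 ]
}

# Classifies the kernel command line. "off" means the IOMMU was disabled by a
# boot parameter; "passthrough" (iommu=pt) means devices driven by the host
# kernel are identity-mapped, so the IOMMU does not confine their DMA even
# though it is enabled; "default" means no override, in which case the sysfs
# check above is the authoritative answer (the BIOS may still have it off).
iommu_cmdline_mode() {
  local cmdline
  cmdline=$(cat "${1:-/proc/cmdline}")
  case " $cmdline " in
    *" iommu=off "*|*" intel_iommu=off "*|*" amd_iommu=off "*) echo off ;;
    *" iommu=pt "*) echo passthrough ;;
    *) echo default ;;
  esac
}

# Live usage: nvidia_iommu_check /sys; echo "exit=$?"; iommu_cmdline_mode
```

A passing check is a baseline rather than a complete mitigation: the April 3 variant described above succeeds with the IOMMU enabled.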