Rowhammer Attacks Now Target NVIDIA GPUs with GDDR6 Memory

Rowhammer attacks, a well-known class of hardware vulnerabilities, have traditionally targeted CPU-attached DRAM, exploiting the physical properties of memory cells to induce bit-flips and bypass memory isolation. Recent research has revealed that these attacks are no longer limited to CPUs and DDR memory. Modern NVIDIA GPUs equipped with GDDR6 memory are now susceptible, exposing new risks to system security.

Expanding the Attack Surface: From CPUs to GPUs

Two independent research teams, known as "GDDRHammer" and "GeForge," have demonstrated practical Rowhammer exploits against NVIDIA GPUs using GDDR6 memory. Their findings show that attackers can leverage the inherent fragility of GDDR6 to induce targeted bit-flips, not only compromising the GPU but also breaching the security boundary to access the host CPU’s memory. This escalation allows attackers to gain full control over the system, including root-level access, without needing to exploit privileged software.

The attack works by manipulating the GPU’s memory allocator and corrupting its page tables through controlled bit-flips. Once the page tables are compromised, the attacker can read and write arbitrary data in the system’s main memory. This method has proven effective on several NVIDIA GPU models, including the GeForce RTX 3060, which experienced 1,171 bit-flips, and the RTX 6000 "Ada" GPU, which saw 202 bit-flips during testing. According to the researchers, 25 NVIDIA GPUs were evaluated, with only a subset showing vulnerability to this attack vector.

Advanced Rowhammer Techniques for GPUs

The new Rowhammer techniques developed by these teams are specifically tailored for GPU architecture, achieving a much higher rate of bit-flips on GDDR6 memory compared to previous methods. By exploiting the GPU’s memory management mechanisms, attackers can bypass traditional security measures and directly manipulate system memory, leading to a complete system compromise.

Mitigation Strategies for GDDR6 Rowhammer Attacks

There are two primary mitigations to defend against these GPU-based Rowhammer attacks. The first is enabling IOMMU (Input-Output Memory Management Unit) in the system BIOS. IOMMU restricts the memory regions accessible to the GPU, effectively blocking the main attack path by isolating sensitive host memory from peripheral devices. This hardware feature translates device-visible virtual addresses to physical addresses, providing a robust barrier against unauthorized memory access.

The second mitigation involves activating Error Correcting Codes (ECC) on the GPU. NVIDIA provides a command-line option to enable ECC, which can detect and correct memory errors, including those induced by Rowhammer attacks. However, enabling ECC reduces the available GPU memory and introduces additional processing overhead, resulting in a performance trade-off.
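
An added example, not from the article or from NVIDIA: a shell script for a Linux host that checks both mitigations described above. It goes slightly beyond the article by also flagging IOMMU passthrough (identity) mode, in which an enabled IOMMU does not restrict the GPU's DMA. The GPU names in the sample are constructed, and the sysfs layout assumes a kernel that exposes the IOMMU group `type` attribute.

```shell
#!/bin/sh
# Added example: audits the IOMMU and ECC mitigations on a Linux host.

# gpu_iommu_report [SYSFS_ROOT]: IOMMU domain type for each NVIDIA display device.
gpu_iommu_report() {
    root="${1:-/sys}"
    for dev in "$root"/bus/pci/devices/*; do
        [ -r "$dev/vendor" ] || continue
        [ "$(cat "$dev/vendor")" = "0x10de" ] || continue   # NVIDIA PCI vendor ID
        case "$(cat "$dev/class" 2>/dev/null)" in
            0x03*) ;;                                       # display / 3D controller
            *) continue ;;
        esac
        addr=${dev##*/}
        if [ ! -e "$dev/iommu_group" ]; then
            echo "WARN $addr: no IOMMU group (IOMMU off in firmware or kernel)"
            continue
        fi
        dtype=$(cat "$dev/iommu_group/type" 2>/dev/null || echo unknown)
        case "$dtype" in
            DMA*)     echo "OK   $addr: DMA is translated ($dtype)" ;;
            identity) echo "WARN $addr: passthrough (identity) domain, DMA not restricted" ;;
            *)        echo "INFO $addr: IOMMU domain type $dtype" ;;
        esac
    done
}

# ecc_report: reads "name, ecc.mode.current" CSV lines on stdin, one verdict per GPU.
ecc_report() {
    while IFS=, read -r name mode; do
        [ -n "$name" ] || continue
        mode=$(printf '%s' "$mode" | tr -d ' \r')
        case "$mode" in
            Enabled)  echo "OK   $name: ECC enabled" ;;
            Disabled) echo "WARN $name: ECC supported but disabled" ;;
            *)        echo "INFO $name: ECC state not reported ($mode)" ;;
        esac
    done
}

# Constructed sample of: nvidia-smi --query-gpu=name,ecc.mode.current --format=csv,noheader
SAMPLE_ECC='Example GPU A, Enabled
Example GPU B, Disabled
Example GPU C, [N/A]'

if [ "${1:-}" = "--live" ]; then    # audit the local machine
    gpu_iommu_report /sys
    nvidia-smi --query-gpu=name,ecc.mode.current --format=csv,noheader | ecc_report
else                                # offline demo on the constructed sample
    printf '%s\n' "$SAMPLE_ECC" | ecc_report
fi
```

Where ECC is reported as disabled, `nvidia-smi -e 1` followed by a reboot or GPU reset turns it on, with the memory and performance cost described above.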

Notably, GPUs equipped with GDDR6X and GDDR7 memory are not affected by these exploits. The vulnerability appears to be specific to GDDR6, highlighting the importance of memory technology selection in system security.

Conclusion

The discovery of Rowhammer vulnerabilities in NVIDIA GPUs with GDDR6 memory marks a significant evolution in hardware security threats. As attackers continue to develop more sophisticated techniques, it is crucial for organizations and individuals to stay informed about emerging risks and implement available mitigations to protect their systems.