New Rowhammer Attacks Grant Complete System Control Through Nvidia GPUs

High-performance graphics processing units (GPUs) often cost more than $8,000, which makes them prime candidates for sharing among multiple users in cloud computing environments. Recent research has unveiled three new attacks, dubbed GDDRHammer, GeForge, and GPUBreach, which exploit vulnerabilities in Nvidia’s high-performance GPU memory. These Rowhammer attacks allow malicious actors to gain complete root control over a host machine by inducing bit flips within the GPU’s memory, ultimately hijacking the CPU’s operations.
The core of these attacks lies in the increasing susceptibility of modern memory hardware to "bit flips," in which stored bits change from 0 to 1 or vice versa. This issue was first demonstrated in 2014 by researchers who showed that rapid, repeated access (or "hammering") of dynamic random-access memory (DRAM) could create electrical disturbances leading to these bit flips. A year later, a different research team built upon this discovery, demonstrating that by strategically targeting specific DRAM rows containing sensitive data, an attacker could escalate privileges from an unprivileged user to root access or bypass security sandbox protections. These early breakthroughs primarily targeted DDR3 generations of DRAM, commonly used as main memory for CPUs.
The Decade-Long Evolution of Rowhammer: From CPUs to GPUs
Over the past decade, the Rowhammer attack vector has seen significant evolution, adapting to various memory technologies and system architectures. While earlier iterations focused on CPU DRAM, the research community has progressively explored its potential impact on other components. A notable development was the demonstration of Rowhammer’s applicability to Graphics Double Data Rate (GDDR) memory, the type of RAM used in GPUs. However, initial findings were modest, yielding only a handful of bit flips and causing limited damage, such as degrading the output of a neural network running on the targeted GPU. This previous research, while indicating potential, did not present a significant threat of full system compromise.
The landscape dramatically shifted with the independent findings of two research teams on Thursday. Their work directly targeted Nvidia’s Ampere generation GPUs, specifically Nvidia’s RTX 6000 and RTX 3060 models. These attacks represent a significant leap forward, demonstrating that GDDR bit flips can be leveraged to achieve full control over a host machine’s CPU memory. A critical prerequisite for these attacks to succeed is the disabling of the Input/Output Memory Management Unit (IOMMU), a security feature that manages device memory access. Crucially, IOMMU is often disabled by default in BIOS settings to maximize compatibility and performance.
Andrew Kwong, a co-author of one of the research papers, emphasized the severity of these findings: "Our work shows that Rowhammer, which is well-studied on CPUs, is a serious threat on GPUs as well. With our work, we show how an attacker can induce bit flips on the GPU to gain arbitrary read/write access to all of the CPU’s memory, resulting in complete compromise of the machine."
Introducing GDDRHammer, GeForge, and GPUBreach
GDDRHammer: Greatly Disturbing DRAM Rows
The first of these groundbreaking attacks is named GDDRHammer. The acronym cleverly references both "Graphics DDR" and "Greatly Disturbing DRAM Rows." This attack specifically targets Nvidia’s RTX 6000 GPU from the Ampere generation. While the attack vector was explored on newer Ada generation RTX 6000 models, the researchers noted that these use a different, more recent iteration of GDDR memory that they had not yet reverse-engineered.
GDDRHammer employs novel hammering patterns and a technique known as "memory massaging" to induce bit flips. This approach resulted in an average of 129 bit flips per memory bank, a staggering 64-fold increase compared to previous GPU-focused Rowhammer research. More importantly, GDDRHammer demonstrates the ability to manipulate the GPU’s memory allocator, effectively breaking the isolation of GPU page tables. Page tables, analogous to their CPU counterparts, are crucial data structures that map virtual memory addresses to physical DRAM addresses. By corrupting these tables and user data stored on the GPU, an attacker gains the ability to both read from and write to the GPU’s memory space.

Kwong further elaborated on the implications: "What our work does that separates us from prior attacks is that we uncover that Rowhammer on GPU memory is just as severe of a security consequence as Rowhammer on the CPU and that Rowhammer mitigations on CPU memory are insufficient when they do not also consider the threat from Rowhammering GPU memory. A large body of work exists, both theoretical and widely deployed, on both software and hardware level mitigations against Rowhammer on the CPU. However, we show that an attacker can bypass all of these protections by instead Rowhammering the GPU and using that to compromise the CPU. Thus, going forward, Rowhammer solutions need to take into consideration both the CPU and the GPU memory."
GeForge: Forging GPU Page Tables
The second attack, GeForge, is described in a paper titled "Hammering GDDR Memory to Forge GPU Page Tables for Fun and Profit" and largely mirrors the capabilities of GDDRHammer. However, GeForge focuses on manipulating the last-level page directory, a component of the memory management hierarchy, rather than the last-level page table itself. This attack achieved a remarkable 1,171 bit flips against an RTX 3060 and 202 bit flips against an RTX 6000.
Similar to GDDRHammer, GeForge utilizes advanced hammering patterns and memory massaging techniques to corrupt GPU page table mappings within GDDR6 memory. This grants the attacker read and write access to the GPU’s memory space. From this privileged position, the attack extends to gain equivalent control over the host CPU’s memory. The proof-of-concept exploit developed by the GeForge researchers for the RTX 3060 culminates in the opening of a root shell, allowing for unfettered command execution on the host machine. The researchers confirmed that both GDDRHammer and GeForge could achieve similar results against the RTX 6000.
The authors of the GeForge paper stated, "By manipulating GPU address translation, we launch attacks that breach confidentiality and integrity across GPU contexts. More significantly, we forge system aperture mappings in corrupted GPU page tables to access host physical memory, enabling user-to-root escalation on Linux. To our knowledge, this is the first GPU-side Rowhammer exploit that achieves host privilege escalation."
GPUBreach: A New Front in the Attack
On Friday, a third Rowhammer attack, named GPUBreach, was unveiled, presenting a distinct and potentially more potent threat. Unlike the previous two, GPUBreach’s researchers claim it is effective even when the IOMMU is enabled. This attack capitalizes on newly discovered memory-safety bugs within Nvidia’s GPU driver itself.
The core of GPUBreach’s success lies in its ability to corrupt metadata within permitted driver-owned buffers, even when the IOMMU confines the GPU’s direct memory access to these specific regions. This corruption causes the GPU driver, which operates at kernel privilege on the CPU, to perform out-of-bounds writes that the attacker can precisely control. This circumvents IOMMU protections without requiring them to be disabled. Like its predecessors, GPUBreach also employs memory massaging techniques to achieve its objectives.
Memory Massaging: A Crucial Enabler for GPU Exploitation
The effectiveness of both GDDRHammer and GeForge hinges on a technique referred to as "memory massaging." Nvidia’s GPU driver typically stores page tables in a protected, low-level memory region that is not susceptible to Rowhammering. To overcome this safeguard, GDDRHammer and GeForge employ memory massaging to steer these critical page tables into unprotected memory regions where bit flips can be induced.
Kwong explained the process: "Since these page tables dictate what memory is accessible, the attacker can modify the page table entry to give himself arbitrary access to all of the GPU’s memory. Moreover, we found that an attacker can modify the page table on the GPU to point to memory on the CPU, thereby giving the attacker the ability to read/write all of the CPU’s memory as well, which of course completely compromises the machine."

Zhenkai Zhang, a co-author of the GeForge paper, provided a detailed account of the memory massaging process: "Given a steering destination, we first isolate the 2 MB page frame containing it. We then use sparse UVM [unified virtual memory] accesses to drain the driver’s default low-memory page-table allocation pool and free the isolated frame at exactly the right moment so it becomes the driver’s new page-table allocation region. Next, we carefully advance allocations so that a page directory entry lands on the vulnerable subpage inside that frame. Finally, we trigger the bit flip so the corrupted page directory entry redirects its pointer into attacker-controlled memory, where a forged page table can be filled with crafted entries."
An Nvidia representative, when contacted for comment, directed inquiries to a page published in July in response to the earlier GPUHammer attack, offering guidance on vulnerability and mitigation. The company did not provide further elaboration.
Addressing the Vulnerabilities: Mitigation Strategies and Future Implications
The researchers have identified the Nvidia RTX 3060 and RTX 6000 cards from the Ampere generation as vulnerable to these attacks. A primary mitigation strategy recommended by the researchers is to enable the IOMMU in the BIOS settings. The IOMMU acts as an intermediary that maps device-visible virtual addresses to physical addresses in host memory, thereby restricting the GPU’s access to sensitive host memory locations. However, enabling the IOMMU often incurs a performance penalty due to the overhead associated with address translations, which is why it is frequently disabled by default.
It is important to note that the GPUBreach researchers contend that IOMMU protections are not a complete defense against their specific attack vector. Another potential mitigation is enabling error-correcting code (ECC) protection on the GPU, a feature that Nvidia supports via command-line configuration. Like the IOMMU, ECC introduces performance overhead, and it also reduces the amount of usable memory. Furthermore, prior research has indicated that certain Rowhammer attacks can successfully bypass ECC protections.
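A host-side check for the two mitigations named above, given here as an added example that is not from the article or the researchers. It assumes a Linux host with the standard sysfs layout, NVIDIA's PCI vendor ID 0x10de, and `nvidia-smi` on the PATH; the function names are hypothetical. It goes one step beyond "is the IOMMU on" by also flagging passthrough (identity) mode, in which device DMA is still unrestricted.

```shell
#!/bin/sh
# Added example, not from the article: audit the IOMMU and GPU ECC state on Linux.
# Assumes the standard sysfs layout, NVIDIA's PCI vendor ID 0x10de, and nvidia-smi.

# gpu_iommu_state [SYSFS_ROOT] (hypothetical helper)
# Prints "<pci-address> <state>" for each NVIDIA display-class PCI device:
#   none       - no IOMMU group, so device DMA is not translated at all
#   identity   - IOMMU is on but in passthrough mode; DMA is still unrestricted
#   translated - DMA is confined to mappings the kernel set up
#   unknown    - group exists but its type is unreadable (e.g. older kernels)
gpu_iommu_state() {
    root="${1:-/sys}"
    for dev in "$root"/bus/pci/devices/*; do
        [ -r "$dev/vendor" ] || continue
        [ "$(cat "$dev/vendor")" = "0x10de" ] || continue
        case "$(cat "$dev/class" 2>/dev/null)" in 0x03*) ;; *) continue ;; esac
        if [ ! -e "$dev/iommu_group" ]; then
            state=none
        else
            case "$(cat "$dev/iommu_group/type" 2>/dev/null)" in
                identity) state=identity ;;
                DMA|DMA-FQ) state=translated ;;
                *) state=unknown ;;
            esac
        fi
        echo "${dev##*/} $state"
    done
}

# ecc_findings (hypothetical helper): reads "name, ecc.mode.current" CSV rows on
# stdin and prints one line for every GPU whose ECC is not reported as Enabled.
ecc_findings() {
    while IFS=, read -r name mode; do
        [ -n "$name" ] || continue
        mode=$(printf '%s' "$mode" | tr -d ' \r')
        [ "$mode" = "Enabled" ] || echo "$name: ECC $mode"
    done
}

# audit_host: run both checks against the live machine.
audit_host() {
    gpu_iommu_state /sys
    if command -v nvidia-smi >/dev/null 2>&1; then
        nvidia-smi --query-gpu=name,ecc.mode.current --format=csv,noheader | ecc_findings
    fi
}

if [ "${1:-}" = "--run" ]; then audit_host; fi
```

Run the script with `--run` to audit the live host. A `translated` result covers the disabled-IOMMU precondition of GDDRHammer and GeForge only; as the article notes, the GPUBreach researchers say their attack works with the IOMMU enabled.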
Currently, the known vulnerable GPU models are the RTX 3060 and RTX 6000 from the Ampere generation, launched in 2020. While it is plausible that newer generations of GPUs from Nvidia and other manufacturers may be susceptible, the rapid pace of product development often outstrips the timeline for academic security research, leaving potential vulnerabilities unaddressed in the immediate future.
Top-tier cloud platforms typically implement security measures that surpass those found in standard consumer or enthusiast machines. However, it is worth noting that there are currently no documented instances of Rowhammer attacks being actively exploited in real-world scenarios.
The significance of this research lies in its role as a critical alert to both GPU manufacturers and users. These findings underscore the potential for Rowhammer attacks on GPU platforms to fundamentally disrupt existing security paradigms. Further details regarding the GDDRHammer and GeForge attacks can be found at gddr.fail.
This article has been updated to incorporate the latest details regarding the GPUBreach attack.







