Credit: The original article is published here.
- Security researchers from University of Toronto warn on Rowhammer flaw
- Older GPUs seem to be vulnerable
- Nvidia urges users to update as soon as possible
Nvidia is urging users to apply mitigations it provided against so-called Rowhammer attacks after new research confirmed their potential to cause serious and stealthy hardware-level compromises.
Rowhammer is an exploit of a vulnerability in dynamic RAM (DRAM), where repeatedly accessing (or “hammering”) a row of memory can cause bit flips in adjacent rows. As a result, threat actors could bypass security boundaries, triggering privilege escalations, data tampering, or even denial-of-service states.
Although this is a hardware-level issue, software-based techniques can trigger and weaponize the flaw remotely.
Newer GPUs are safe
Although known for more than a decade, Rowhammer attacks have first been exploited in 2018, and even then – very rarely and in limited capacity – mostly due to their complexity and hardware dependencies.
However security researchers Chris (Shaopeng) Lin, Joyce Qu, and Gururaj Saileshwar, from the University of Toronto recently published new research demonstrating the practical use of the flaw:
“We ran GPUHammer on an NVIDIA RTX A6000 (48 GB GDDR6) across four DRAM banks and observed 8 distinct single-bit flips, and bit-flips across all tested banks,” the researchers said. “The minimum activation count (TRH) to induce a flip was ~12K, consistent with prior DDR4 findings.”
“Using these flips, we performed the first ML accuracy degradation attack using Rowhammer on a GPU.”
The “ML accuracy degradation attack” means Rowhammer was used to degrade machine-learning model accuracy, from the usual 80% down to a depressing 1%, using a single bit flip.
Nvidia has urged users to activate the System Level Error-Correcting Code mitigation, which protects against Rowhammer on GDDR6 devices. The mitigation works by adding redundant bits and correcting single-bit errors, maintaining data reliability and accuracy.
The list of affected GPUs is rather extensive, and besides the RTX A6000, includes multiple Blackwell, Volta, and Turing products.
The full list can be found on this link – but newer GPUs come with built-in protection, Nvidia said.
Via BleepingComputer
You might also like
- Modern memory chips increasingly vulnerable to this physical hacking technique
- Take a look at our guide to the best authenticator app
- We’ve rounded up the best password managers
