Nvidia GPU Rowhammer Attack Grants Full System Control

Summary
– Malicious users can gain full root control of a host machine by performing novel Rowhammer attacks on shared, high-performance Nvidia GPU cards.
– The attacks exploit a hardware vulnerability where repeatedly accessing DRAM causes electrical disturbances that flip bits from 0 to 1 or vice versa.
– This Rowhammer technique, first demonstrated on CPU DRAM in 2014, was later shown to escalate user privileges or break security sandboxes by targeting specific memory rows.
– Recent research has proven that GDDR memory in GPUs is also susceptible to Rowhammer, though initial demonstrations resulted in only a few bit flips.
– In the GPU case, the limited bit flips were used to degrade the output of a neural network running on the targeted card, rather than for full system compromise.

The soaring demand for high-performance GPUs and their high cost, particularly for cards priced at $8,000 or more, have made shared cloud environments common. This shared access model, however, introduces significant security risks. Recent research has revealed that a malicious actor on such a system can achieve full root control of the host server by executing a novel Rowhammer attack directly against the memory of an Nvidia GPU.

This class of attack exploits a fundamental hardware vulnerability: repeated, rapid access to DRAM creates electrical interference that can induce bit flips, changing stored data from a 0 to a 1 or vice versa. First documented in 2014 against CPU DRAM, the technique was soon weaponized. By 2015, researchers demonstrated that precisely hammering specific memory rows could allow an unprivileged user to gain root privileges or break out of security sandboxes, primarily in systems using older DDR3 memory.

The threat landscape has evolved considerably over the last ten years. While most attention remained on CPU-based memory, researchers began to question whether the graphics memory in GPUs was also vulnerable. A critical breakthrough came when a team successfully induced bit flips in GDDR memory, the type used in modern graphics cards. This proved the underlying susceptibility existed, but the initial results were limited. The researchers managed only eight bit flips, a far cry from the scale possible on CPU DRAM, and the impact was confined to corrupting the output of a single neural network running on the targeted GPU. This modest proof of concept, however, opened the door to the far more severe attacks we see today.

(Source: Ars Technica)




