GPU Sharing Fuels New Security Risks
Because AI demand has made high-performance GPUs scarce and expensive, these cards, which typically cost $8,000 or more, are frequently shared among dozens of users in cloud environments. This multi-tenant setup amplifies risks, as a single compromised instance can threaten the entire host.
Novel Rowhammer Attacks on Nvidia Cards
Two new attacks demonstrate how a malicious user can gain full root control of the host machine by performing novel Rowhammer attacks on high-performance GPU cards made by Nvidia. The attacks exploit memory hardware’s increasing susceptibility to bit flips, in which 0s stored in memory switch to 1s and vice versa.
Rowhammer's Origins in DRAM
In 2014, researchers first demonstrated that repeated, rapid access—or “hammering”—of memory hardware known as DRAM creates electrical disturbances that flip bits. A year later, a different research team showed that by targeting specific DRAM rows storing sensitive data, an attacker could exploit the phenomenon to escalate an unprivileged user to root or evade security sandbox protections. Both attacks targeted DDR3 generations of DRAM.
From CPU to GPU: Rowhammer's Decade-Long Journey
Over the past decade, dozens of newer Rowhammer attacks have evolved to target successive DRAM generations, bypass hardware mitigations, and extend beyond CPUs into GPU environments. What began as a CPU-specific issue has now reached high-end Nvidia GPUs, where shared access in cloud environments provides the perfect vector for privilege escalation.
Rowhammer Attack Evolutions
- Shifted from DDR3 to DDR4 and beyond with refined hammering patterns.
- Incorporated non-uniform access to evade row refresh defenses.
- Adapted for GPU memory architectures in multi-user cloud instances.
- Enabled full host compromise from isolated GPU workloads.





