NVIDIA is warning customers to activate System Stage Error-Correcting Code mitigation to guard towards Rowhammer assaults on graphical processors with GDDR6 reminiscence.
The corporate is reinforcing the advice as new analysis demonstrates a Rowhammer assault towards an NVIDIA A6000 GPU (graphical processing unit).
Rowhammer is a {hardware} fault that may be triggered via software program processes and stems from reminiscence cells being too shut to one another. The assault was demonstrated on DRAM cells however it might have an effect on GPU reminiscence, too.
It really works by accessing a reminiscence row with sufficient read-write operations, which causes the worth of adjoining information bits to flip from one to zero and vice-versa, inflicting the in-memory data to vary.
The impact might be a denial-of-service situation, information corruption, and even privilege escalation.
System Stage Error-Correcting Codes (ECC) can protect the integirty of the info by including redundant bits and correcting single-bit errors to keep up information reliability and accuracy.
In workstation and information heart GPUs the place VRAM handles giant datasets and exact calculations associated to AI workloads, ECC should be enabled to forestall essential errors of their operation.
NVIDIA’s safety discover notes that researchers on the College of Toronto confirmed “a possible Rowhammer assault towards an NVIDIA A6000 GPU with GDDR6 Reminiscence” the place System-Stage ECC was not enabled.
The tutorial researchers developed GPUHammer, an assault technique to flip bits on GPU reminiscences.
Though hammering is tougher on GDDR6 due to greater latency and sooner refresh in contrast with CPU-based DDR4, the researchers have been in a position to display that Rowhammer assaults on GPU reminiscence banks is feasible.
Other than the RTX A6000, the GPU maker additionally recommends enabling System-Stage ECC for the next merchandise:
Information Heart GPUs:
- Ampere: A100, A40, A30, A16, A10, A2, A800
- Ada: L40S, L40, L4
- Hopper: H100, H200, GH200, H20, H800
- Blackwell: GB200, B200, B100
- Turing: T1000, T600, T400, T4
- Volta: Tesla V100, Tesla V100S
Workstation GPUs:
- Ampere RTX: A6000, A5000, A4500, A4000, A2000, A1000, A400
- Ada RTX: 6000, 5000, 4500, 4000, 4000 SFF, 2000
- Blackwell RTX PRO (latest workstation line)
- Turing RTX: 8000, 6000, 5000, 4000
- Volta: Quadro GV100
Embedded / Industrial:
- Jetson AGX Orin Industrial
- IGX Orin
The GPU maker notes that newer GPUs like Blackwell RTX 50 Collection (GeForce), Blackwell Information Heart GB200, B200, B100, and Hopper Information Heart H100, H200, H20, and GH200, include built-in on-die ECC safety, which does nor require an intervention from the person.
One technique to test if System Stage ECC is enabled is to make use of an out-of-band technique that makes use of the system’s BMC (Baseboard Administration Controller) and {hardware} interface software program, just like the Redfish API, to test the “ECCModeEnabled” standing.
Instruments like NSM Sort 3 and NVIDIA SMBPBI will also be used for configuration, although they require entry to the NVIDIA Accomplice Portal.
A second In-Band technique additionally exists, utilizing the nvidia-smi command-line utility from the system’s CPU to test and allow ECC the place supported.
Rowhammer represents an actual safety concern that would trigger information corruption or allow assaults in multi-tenant environments like cloud servers the place susceptible GPUs could also be deployed.
Nonetheless, the true danger is context-dependent, and exploiting Rowhammer reliably is difficult, requiring particular circumstances, excessive entry charges, and exact management, making it an assault troublesome to execute.
Whereas cloud assaults could also be rising extra refined, attackers nonetheless succeed with surprisingly easy methods.
Drawing from Wiz’s detections throughout hundreds of organizations, this report reveals 8 key methods utilized by cloud-fluent menace actors.
