- Security Researchers at Toronto University warn about Rowhammer’s failure
- Major GPUs seem to be vulnerable
- Nvidia urges users to update as soon as possible
Nvidia urges users to apply the mitigations they provided against the so -called Rowhammer attacks after new research confirmed their potential to cause serious and stealthy commitments at the hardware level.
Rowhammer is an exploit of vulnerability in dynamic RAM (DRAM), where he repeatedly accesses (or “hammering”) a row of memory can cause bits turns in adjacent rows. As a result, threat actors could overlook security limits, triggering privileges, data manipulation or even state denial states.
Although this is a hardware level problem, software -based techniques can trigger and assemble the failure remotely.
The newest GPUs are safe
Although known for more than a decade, Rowhammer’s attacks have been exploited for the first time in 2018, and even then, very rarely and limited capacity, mainly due to their complexity and hardware dependencies.
However, Chris security researchers (Shaopeng) Lin, Joyce Qu and Gururaj Sailhwar, from the University of Toronto, recently published a new research that demonstrates the practical use of the fault:
“We execute Gpuhammer in a NVIDIA RTX A6000 (48 GB GDDR6) in four dram banks and observe 8 different somersaults of a single bits and bits in all tested banks,” said the researchers. “The minimum activation count (THR) to induce a change was ~ 12K, consisting of the previous DDR4 findings.”
“Using these flips, we carry out the first ML precision degradation attack using Rowhammer in a GPU.”
The “ML precision degradation attack” means that Rowhammer was used to degrade the accuracy of the automatic learning model, from the usual 80% to 1% depressing, using a single flip.
NVIDIA has urged users to activate the mitigation of the system’s level error correction code, which protects against Rowhammer on GDDR6 devices. The mitigation works by adding redundant bits and correcting single -bit errors, maintaining the reliability and precision of the data.
The affected GPU list is quite extensive, and in addition to RTX A6000, it includes multiple Blackwell, Volta and Turing products.
The complete list can be found in this link, but the newest GPUs come with incorporated protection, Nvidia said.
Through Bleepingcomputer
