CyberSecurity news
FlagThis
info@thehackernews.com (The@The Hacker News
//
A significant security vulnerability, dubbed GPUHammer, has been demonstrated against NVIDIA GPUs, specifically targeting GDDR6 memory. Researchers from the University of Toronto have successfully executed a Rowhammer attack variant on an NVIDIA A6000 GPU, causing bit flips in the memory. This type of attack exploits the physical behavior of DRAM chips, where rapid access to one memory row can induce errors, or bit flips, in adjacent rows. While Rowhammer has been a known issue for CPUs, this marks the first successful demonstration against a discrete GPU, raising concerns about the integrity of data and computations performed on these powerful processors, especially within the burgeoning field of artificial intelligence.
The practical implications of GPUHammer are particularly alarming for machine learning models. In a proof-of-concept demonstration, researchers were able to degrade the accuracy of a deep neural network model from 80% to a mere 0.1% by inducing a single bit flip. This degradation highlights the vulnerability of AI infrastructure, which increasingly relies on GPUs for parallel processing and complex calculations. Such attacks could compromise the reliability and trustworthiness of AI systems, impacting everything from image recognition to complex decision-making processes. NVIDIA has acknowledged these findings and is urging its customers to implement specific security measures to defend against this threat.
In response to the GPUHammer attack, NVIDIA is strongly recommending that customers enable System-level Error Correction Codes (ECC) on their GDDR6 GPUs. ECC is a hardware-level mechanism designed to detect and correct errors in memory, and it has been proven to effectively neutralize the Rowhammer threat. NVIDIA's guidance applies to a wide range of its professional and data center GPU architectures, including Blackwell, Hopper, Ada, Ampere, and Turing. While consumer-grade GPUs may have limited ECC support, the company emphasizes that its enterprise-grade and data center solutions, many of which have ECC enabled by default, are the recommended choice for applications requiring enhanced security assurance. This proactive measure aims to protect users from data tampering and maintain the integrity of critical workloads.
ImgSrc: blogger.googleu
References :
The practical implications of GPUHammer are particularly alarming for machine learning models. In a proof-of-concept demonstration, researchers were able to degrade the accuracy of a deep neural network model from 80% to a mere 0.1% by inducing a single bit flip. This degradation highlights the vulnerability of AI infrastructure, which increasingly relies on GPUs for parallel processing and complex calculations. Such attacks could compromise the reliability and trustworthiness of AI systems, impacting everything from image recognition to complex decision-making processes. NVIDIA has acknowledged these findings and is urging its customers to implement specific security measures to defend against this threat.
In response to the GPUHammer attack, NVIDIA is strongly recommending that customers enable System-level Error Correction Codes (ECC) on their GDDR6 GPUs. ECC is a hardware-level mechanism designed to detect and correct errors in memory, and it has been proven to effectively neutralize the Rowhammer threat. NVIDIA's guidance applies to a wide range of its professional and data center GPU architectures, including Blackwell, Hopper, Ada, Ampere, and Turing. While consumer-grade GPUs may have limited ECC support, the company emphasizes that its enterprise-grade and data center solutions, many of which have ECC enabled by default, are the recommended choice for applications requiring enhanced security assurance. This proactive measure aims to protect users from data tampering and maintain the integrity of critical workloads.
ImgSrc: blogger.googleu
Share:
References :
- cyberpress.org: GPUHammer: First Rowhammer Exploit Aimed at NVIDIA GPUs
- The Hacker News: GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs
- Talkback Resources: NVIDIA shares guidance to defend GDDR6 GPUs against Rowhammer attacks
- BleepingComputer: NVIDIA shares guidance to defend GDDR6 GPUs against Rowhammer attacks
- Cyber Security News: The hardware security landscape has taken a dramatic turn as researchers have, for the first time, demonstrated a successful Rowhammer attack targeting NVIDIA A6000 GPUs utilizing GDDR6 memory.
- gbhackers.com: Researchers from the University of Toronto have unveiled the first successful Rowhammer attack on an NVIDIA GPU, specifically targeting the A6000 model equipped with GDDR6 memory.
- gpuhammer.com: GPUHammer: Rowhammer bit flips on GPU memories, specifically on a GDDR6 memory in an NVIDIA A6000 GPU. Our attacks induce bit flips across all tested DRAM banks, despite in-DRAM defenses like TRR, using user-level CUDA code.
- www.bleepingcomputer.com: NVIDIA shares guidance to defend GDDR6 GPUs against Rowhammer attacks
Classification:
- HashTags: #Rowhammer #GPU #AIML
- Company: Nvidia
- Target: NVIDIA GPU users
- Product: GPU
- Feature: System-level ECC
- Malware: GPUHammer
- Type: Research
- Severity: Medium