Description
Security researchers have identified a new hardware-level attack called GPUBreach, which exploits a Rowhammer-style vulnerability in GPU memory to achieve privilege escalation and potentially take full control of a system.
The attack targets GDDR6 memory used in graphics processing units (GPUs) and induces bit flips in memory cells, allowing attackers to manipulate critical memory structures used by the GPU. By corrupting GPU page tables, attackers can gain unauthorized read and write access to GPU memory and potentially escalate privileges to compromise the host system.
The research was developed by a team at the University of Toronto and is expected to be presented at the IEEE Symposium on Security & Privacy. This discovery highlights emerging risks associated with GPU hardware security, especially as GPUs are increasingly used in cloud computing, artificial intelligence workloads, and high-performance computing environments.
Attack Details
GPUBreach extends the well-known Rowhammer memory corruption technique, which repeatedly accesses specific memory rows to induce electrical interference that flips bits in adjacent memory cells.
Key characteristics include:
- Rowhammer exploitation on GPUs: The attack specifically targets GDDR6 VRAM used by modern GPUs to induce controlled bit flips.
- GPU page table corruption: By flipping bits in page table entries (PTEs), attackers can manipulate memory permissions and gain arbitrary read/write access to GPU memory.
- Privilege escalation: Once memory manipulation is achieved, attackers can chain the attack with vulnerabilities in GPU drivers to escalate privileges on the host system.
- Bypassing memory protections: The attack can succeed even when Input-Output Memory Management Unit (IOMMU) protections are enabled, which are typically used to isolate device memory access.
- Local execution requirement: The attack requires the ability to execute code on the system (e.g., through a malicious application or compromised workload), meaning it is most relevant in shared computing environments such as cloud GPU clusters.
Because GPUs are increasingly used in cloud services, AI processing environments, and enterprise systems, successful exploitation could allow attackers to escape sandboxed workloads and compromise the host infrastructure.
Remediation
Organizations should take the following measures to mitigate potential risks from GPU-based memory attacks:
- Update GPU drivers: Ensure that GPU drivers and related firmware are updated regularly to incorporate security patches and mitigations.
- Enable hardware protections: Use hardware-level protections such as Error-Correcting Code (ECC) memory, when available, to detect and correct memory bit flips.
- Restrict GPU access: Limit access to GPU resources in multi-tenant environments and enforce strict isolation between workloads.
- Enable IOMMU protections: Ensure that IOMMU or equivalent memory protection features are enabled in system BIOS/UEFI configurations.
- Monitor GPU workloads: Monitor systems for abnormal GPU activity, suspicious compute workloads, or unauthorized CUDA/OpenCL code execution.
- Secure shared environments: Implement strong isolation policies for cloud environments, AI clusters, and high-performance computing systems where multiple users share GPU resources.
- Conduct security assessments: Regularly evaluate infrastructure that relies on GPU compute resources for potential hardware-level vulnerabilities and side-channel attacks.
The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.
PDF Download: GPUBreach Attack Enables System Takeover via GPU Rowhammer
References