So where do we go now?
The researchers said that both the RTX 3060 and RTX 6000 cards are vulnerable. He said changing the BIOS default to enable IOMMU eliminates the vulnerability. Short for Input-Output Memory Management Unit, IOMMU maps device-visible virtual addresses to physical addresses on host memory. This can be used to make certain parts of memory out of bounds.
“In the context of our attack, an IOMMU can restrict the GPU from accessing sensitive memory locations on the host,” Kwong explained. “However, IOMMU is disabled by default in the BIOS to maximize compatibility and because enabling IOMMU incurs a performance penalty due to the overhead of address translation.”
As noted in the update above, GPUBreach researchers say the IOMMU protection is not a defense against their attack.
A different mitigation is to enable error correction codes (ECC) on the GPU, which Nvidia allows to be done using the command line. Like IOMMU, enabling ECC incurs some performance overhead because it reduces the total amount of working memory available. Additionally, some Rowhammer attacks can overcome ECC mitigations.
GPU users should understand that the only cards known to be vulnerable to Rowhammer are the RTX 3060 and RTX 6000 of the Ampere generation, which were introduced in 2020. It wouldn’t be surprising if new generations of graphics cards from Nvidia and others are susceptible to similar types of attacks, but because the pace of academic research typically lags far behind the fast pace of product rollouts, there’s no way to know for now.
Top-tier cloud platforms typically provide security levels that go far beyond those available by default on hobbyist and consumer machines. Another thing to remember: there are no known examples of Rowhammer attacks being actively used in the wild.
The real value of the research is to remind GPU manufacturers and users alike that Rowhammer attacks on these platforms have the potential to seriously impact security. More information about GDDRHammer and GeForge is available here.
Post updated to add newly available details about GPUBreach.
<a href