New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
Briefly

"By corrupting GPU page tables via GDDR6 bit-flips, an unprivileged process can gain arbitrary GPU memory read/write, and then chain that into full CPU privilege escalation - spawning a root shell - by exploiting memory-safety bugs in the NVIDIA driver."
"GPUBreach shows it is not enough: by corrupting trusted driver state within IOMMU-permitted buffers, we trigger kernel-level out-of-bounds writes - bypassing IOMMU protections entirely without needing it disabled."
"RowHammer is a long-standing Dynamic Random-Access Memory (DRAM) reliability error where repeated accesses to a memory row can cause electrical interference that flips bits in adjacent rows."
"DRAM manufacturers have implemented hardware-level mitigations, such as Error-Correcting Code (ECC) and Target Row Refresh (TRR), to counter this line of attack."
New research reveals that RowHammer attacks can exploit high-performance GPUs to escalate privileges and potentially take full control of a host. The GPUBreach method demonstrates that bit-flips in GPU memory can corrupt GPU page tables, allowing unprivileged processes to gain arbitrary memory access and escalate to full CPU privileges. Notably, GPUBreach does not require the IOMMU to be disabled: it bypasses IOMMU protections by corrupting trusted driver state. This poses significant risks for cloud AI infrastructure and multi-tenant GPU environments, undermining the security of modern operating systems.
Read at The Hacker News