Latest news with #Rowhammer
Time of India
16-07-2025
- Time of India
What is Rowhammer bit-flip attack which forced Nvidia to issue security alert
Researchers discovered that Nvidia's A6000 GPUs are prone to Rowhammer attacks. This allows hackers to tamper with user data on shared GPUs. Nvidia has issued an alert, advising users to enable Error Correction Code. Newer GPUs with GDDR7 or HBM3 memory have built-in protection. This vulnerability poses a risk in multi-tenant environments. Tired of too many ads? Remove Ads What Is Rowhammer bit-flip attack Tired of too many ads? Remove Ads Why is this a problem for Nvidia GPUs? How did Nvidia respond? A team of researchers has revealed that Nvidia's A6000 GPUs using GDDR6 memory are vulnerable to Rowhammer attacks, which can allow hackers to interfere with users' data on a shared GPU in the cloud, like AI models, even if they don't have direct access to it. In response to the research, Nvidia issued an alert for users asking them to ensure system-level ECC is enabled across the following NVIDIA products.'Specific generations of DRAM devices starting with DDR4, LPDDR5, HBM3, and GDDR7 implement On-Die ECC (OD-ECC) to help with DRAM scaling. OD-ECC indirectly protects Rowhammer bit flips. Note: OD-ECC is not adjustable by users. If OD-ECC is present, it is always enabled,' the company said in its alertRowhammer is a security issue where repeated access to memory can silently change data. Researchers just showed that this attack now works on Nvidia GPUs, so Nvidia issued an alert and recommends using ECC to stay for GPUs, also called GPUHammer, is a new hardware attack that targets graphics cards, specifically NVIDIA GPUs with GDDR6 memory. It is a hardware vulnerability found in computer memory chips (DRAM).Normally, data is safely stored in separate rows of memory cells. But if you rapidly and repeatedly access (hammer) one row, it introduces bit flips in adjacent memory rows. This can 'flip' bits of data even if no one directly accessed that data.'Since 2014, this vulnerability has been widely studied in CPUs and CPU-based memories like DDR3, DDR4, and LPDDR4. However, with critical AI and ML workloads now running on discrete GPUs in the cloud, it is vital to assess the vulnerability of GPU memories to Rowhammer attacks,' the researchers is a circuit-level DRAM vulnerability that lets attackers flip bits in neighboring memory rows. It had only been shown on CPU DRAM before, but now, researchers have demonstrated the first Rowhammer bit-flip attack on GPU DRAM, specifically on GDDR6 memory used in NVIDIA GPUs like the can potentially use Rowhammer to mess with another user's data on a shared GPU in the cloud, like AI models, even if they don't have direct access to it. The research proved that even a single bit flip could destroy the accuracy of an AI attack works in shared environments where multiple people or programs are using the same GPU at the same time (multi-tenant setups).Nvidia confirmed the Rowhammer risk on some GPUs and advised customers to turn on Error Correction Code (ECC), a memory feature that can catch and fix single-bit errors. This helps stop Rowhammer attacks, though it might slow down some AI workloads by up to 10%.Newer Nvidia GPUs (like those with GDDR7 or HBM3 memory) already have built-in protections (on-die ECC) against this type of attack.
Time of India
16-07-2025
- Time of India
Nvidia chips hacked, fall victim to Rowhammer bit-flip attacks; here's how to secure the AI GPUs
Nvidia issues security warning Live Events (You can now subscribe to our (You can now subscribe to our Economic Times WhatsApp channel A team of Canadian researchers has proved and demonstrated that Nvidia A6000 GPUs are vulnerable to Rowhammer bit-flip attacks , which can easily allow attackers to sabotage artificial intelligence models running on the widely used hardware of the tech giant. The attack, called GPU Hammer, was created by University of Toronto researchers Chris Lin, Joyce Qu, and Gururaj Saileshwar, and it may pose significant risks to AI usage. It is the first attack to show Rowhammer bit flips on GPU memories, specifically on a GDDR6 memory in an NVIDIA A6000 GPU According to the researchers, the attacks induce bit flips across all tested DRAM banks, despite in-DRAM defenses like TRR, using user-level CUDA code. These bit flips allow a malicious GPU user to tamper with another user's data on the GPU in shared, time-sliced environments. In a proof-of-concept, we use these bit flips to tamper with a victim's DNN models and degrade model accuracy from 80% to 0.1%, using a single bit lets attackers alter or corrupt memory data by rapidly and repeatedly accessing a specific row of memory cells. This repeated hammering of selected rows causes bit flips in adjacent rows, turning digital zeros into ones or vice versa. So far, Rowhammer attacks have only been shown on memory chips used in CPUs for general-purpose to the new research, Nvidia released a security notice saying that the fix is simple. The users just need to enable System-Level ECC , or error-correcting code. This simple setting creates a redundancy in the bits, so if one gets flipped, the system can automatically correct it before anything goes wrong.'For enterprise customer environments that require enhanced levels of assurance and integrity, NVIDIA recommends using professional and data center products (instead of consumer-grade graphics hardware) and ensuring that ECC is enabled to prevent Rowhammer-style attacks. This is enabled by default on the Hopper and Blackwell Data Center class of GPUs,' Nvidia said in a evaluating the risk, it's important to consider whether the GPU setup is single-tenant or multi-tenant. A Rowhammer attack between tenants can only be carried out if they access the GPU simultaneously.
