GPUBreach Exploit Uses GPU Memory Bit-Flips to Achieve Full System Takeover
GPUBreach Exploit Overview
GPUBreach is an attack technique that uses Rowhammer bit-flips in GPU memory (GDDR6) to go beyond mere data corruption. New research reveals that attackers can leverage it to escalate privileges and, in some cases, gain complete control of the system.
Unlike earlier GPUHammer methods, this approach demonstrates that GPU memory faults can directly impact CPU-level security, making the threat significantly more serious.
Key Findings
- Privilege Escalation: GPUBreach shows that GPU Rowhammer attacks can extend beyond data corruption to real privilege escalation. By corrupting GPU page tables, an unprivileged CUDA kernel can gain arbitrary GPU memory read/write access, which can then be chained into CPU-side escalation by exploiting newly discovered memory-safety bugs in the NVIDIA driver.
- System-Wide Compromise: The result is a system-wide compromise up to a root shell, without the need to disable IOMMU, unlike contemporary works, making GPUBreach a more potent threat.
- Data Theft Risks: By targeting GPU page tables in memory, attackers can manipulate them through bit flips, enabling arbitrary read/write access, data theft (including cryptographic keys), and ML manipulation.
Implications for Security
Secret keys can leak from NVIDIA cuPQC, a library used to accelerate post-quantum cryptography, when they reside in GPU DRAM during operations such as key exchange. By tampering with one branch in cuBLAS SASS in GPU memory, researchers have also demonstrated a significant drop in accuracy (for example, from 80% to 0%), more stealthily than prior weight-tampering attacks.
Critically, the attack can escalate to CPU-level privileges, even with protections like input-output memory management unit (IOMMU) enabled, allowing attackers to gain root access and fully compromise the system.
Recommendations
While ECC can help mitigate Rowhammer by correcting single-bit errors and detecting double-bit flips, it fails against multi-bit flips and may allow silent corruption. Consumer GPUs lack ECC, leaving them without effective protection.
Conclusion: ECC is not a foolproof mitigation against GPUBreach. On desktop or laptop GPUs, where ECC is currently unavailable, there are no known mitigations to our knowledge.
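The ECC behaviour described above, as an added example that is not code from the GPUBreach researchers or NVIDIA: a scaled-down single-error-correct, double-error-detect (SECDED) extended Hamming code over one 8-bit word, with every 1-, 2- and 3-bit error pattern applied to a codeword. The 8-bit word size and all function names are assumptions made for illustration; real GPU ECC protects wider words with its own code.

```python
from itertools import combinations

N = 12  # constructed Hamming(12,8); position 0 holds an extra overall-parity bit
DATA_POS = [p for p in range(1, N + 1) if p & (p - 1)]  # non powers of two

def encode(value):
    """Encode an 8-bit value into a 13-bit SECDED codeword (list of bits)."""
    word = [0] * (N + 1)
    for i, pos in enumerate(DATA_POS):
        word[pos] = (value >> i) & 1
    for p in (1, 2, 4, 8):  # each check bit covers the positions with bit p set
        word[p] = sum(word[i] for i in range(1, N + 1) if i & p) % 2
    word[0] = sum(word) % 2  # makes the parity of the whole codeword even
    return word

def decode(word):
    """Return (status, value); value is None when the error is only detected."""
    word = list(word)
    syndrome = 0
    for pos in range(1, N + 1):
        if word[pos]:
            syndrome ^= pos
    odd = sum(word) % 2
    if (syndrome and not odd) or syndrome > N:
        return "uncorrectable", None  # even flip count or impossible position
    status = "ok"
    if odd:  # decoder assumes exactly one flip and "repairs" that position
        word[syndrome] ^= 1
        status = "corrected"
    return status, sum(word[pos] << i for i, pos in enumerate(DATA_POS))

def outcome(value, flips):
    """Flip the given codeword positions and classify what the reader gets."""
    word = encode(value)
    for pos in flips:
        word[pos] ^= 1
    status, got = decode(word)
    if status == "uncorrectable":
        return "detected"
    return "recovered" if got == value else "silent corruption"

def tally(value, n_flips):
    """Count outcomes over every n_flips-bit error pattern in one codeword."""
    counts = {}
    for flips in combinations(range(N + 1), n_flips):
        kind = outcome(value, flips)
        counts[kind] = counts.get(kind, 0) + 1
    return counts

if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, "flip(s):", tally(0xA5, n))
```

One flip is always recovered and two flips are always detected. With three flips the decoder either reports an error or "corrects" to a different valid codeword and returns wrong data with no error raised.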