Cybersecurity issues are a fact of life in our digital age. Some threats are more concerning, while others aren’t nearly as big of a deal as some make them out to be. On today's menu, we'll talk about Rowhammer, a known exploit that affects dynamic random-access memory (DRAM). Specifically, a variant called GPUHammer that alters graphics cards with GDDR6 memory.
According to new research from the University of Toronto, GPUHammer is the first Rowhammer variant that affects GPUs (graphics processing units) specifically. The research shows that GPUHammer can flip bits on GDDR6 memory, which can cause all sorts of issues, including leaking personal data and affecting the GPU’s ability to perform some workflows. As an example, the researchers say that flipping even one bit can reduce the accuracy of deep neural network models from 80 percent to 0.1 percent, and that accuracy degrades further when more bits are flipped. Since Nvidia GPUs are so popular with data centers and workstation computers, that means this vulnerability could impact many businesses.
Nvidia released a security notice about the exploit. Fortunately, the fix is pretty simple. All anyone needs to do is enable System-Level ECC, or error correcting code. This simple setting creates a redundancy in the bits so if one gets flipped, the system can automatically correct it before anything goes wrong.
Should I be worried about GPUHammer?
In short, no. Nvidia and the researchers agree that this only seems to be affecting workstation and data center GPUs. The researchers even attempted this exploit on an Nvidia RTX 3080 and were unable to get it to work. So, for us plebeians, everything is okay. In addition, BleepingComputer notes that the exploit requires conditions generally not seen in consumer-level computers anyway, so even if consumer GPUs could be exploited, there's very low risk of that actually happening.
If you own a business that uses Nvidia workstation or data center GPUs, then you’ll want to check out the list of affected GPUs. If yours is on it, follow Nvidia's guide for enabling GPU ECC. Once it's enabled, everything should be back to normal.
Topics Cybersecurity Nvidia
