Nvidia urges customers to enable system-level error correction code (ECC) as a defense against a rowhammer attack displayed against their graphics processing units (GPU).
The GPU manufacturer said in an advisor released this week, “Risk exploitation at risk of successful exploitation varies depending on the DRAM device, platform, design specification and system settings.”
The dubbed GPUhammer, the attacks marked the NVIDIA GPU (eg, with the GDDR6 memory with GPU (eg, with the GDDR6 memory) first to mark the first Rohemar exploitation, which can tissue with other user data by triggering bit flips in malicious GPU user GPU memory.
The most results of this behavior, Toronto’s researchers found, the University of Toronto, an artificial intelligence (AI) accuracy is less than 80% to 1%.
Rowhammer is for modern dramas such as spectors and meltdowns are for contemporary CPU. While both are hardware-level security weaknesses, Rowhammer DRAM targets the physical behavior of memory, while the Spector exploits speculative execution in CPU.
Rowhammer repeatedly causes bit flip in nearby memory cells due to electrical intervention in staming from memory access, while sector and meltdown attackers allow the attackers to obtain privilege from memory through a side-channel attack, possibly leaking sensitive data.
In 2022, academics from Michigan and Georgia Tech University described a technology called Specmer that connects Rohemmer and Spector to launch speculative attacks. The approach triggers a speaker V1 attack using Rauhemar bit-flips to include malicious values in essentially suffering gadgets.
GPuhammer is the latest version of Rowhammer, but a target is capable of inspiring bit flip in NVIDIA GPU despite the presence of fresh rates (TRR).
In a proof-of-concept developed by researchers, the victim’s imagenet deep neural network (DNN) model can reduce model accuracy by 80% to 0.1% using single-bit flip for tampering with models.
Exploitation such as GPUhammer threatens the integrity of the AI model, which is rapidly dependent on the GPU for parallel processing and computely completes demanded functions, not to mention the surface of a new attack for cloud platforms.
To reduce the risk generated by GPUhammer, “Nvidia -SMI -E 1.” It is advisable to enable ECC through. New Nvidia GPUs such as H100 or RTX 5090 are not affected by them due to the specialty of on-dye ECC, which helps in detecting and correcting errors arising due to fluctuations in voltage associated with small, intensive memory chips.
“This risk can be reduced by enabling the error correction code (ECC), but the ECC can introduce 10% for recession [machine learning] An A6000 GPU, “Chris (Sha Shaopeng) Lynn, Joyce Qu, and Gurraj Seleshwar, uses the charge on key authors of the study, adding it to the memory capacity to reduce the memory capacity by 6.25%.
This disclosure comes as researchers from NTT Social Informatics Laboratories and Centrallasules, who presents Crawhemmer, a type of Rohemar attack that enables a significant recovery attack against the subsequent quantum signature scheme of Falcon (FIPS 206), which has been selected for acceptance by NIST.
“Using Rowhammer, we target RCDT of Falcon [reverse cumulative distribution table] The study states that to trigger a very small number of targeted bit flip, and prove that the resulting distribution is sufficiently slanting for a significant recovery attack.
“We show that a single targeted bit flip is sufficient to fix the key to signed a fully, given a few hundred million signature, enables significant recovery with less bit flips with more bit flips.”
