New Rowhammer attacks give complete control of machines running Nvidia GPUs
Summary
Researchers have developed new Rowhammer attacks, named GDDRHammer and GeForgeHammer, that can target the memory of Nvidia GPUs. These attacks, by compromising the GPU's memory, can lead to complete control over the machine's CPU.
IFF Assessment
This is bad news for defenders as it demonstrates a new and potentially widespread attack vector that can bypass traditional CPU-centric security measures by exploiting GPU memory vulnerabilities.
Severity
The CVSS score is estimated high due to the potential for complete system control (Privilege Escalation), the ability to exploit without user interaction (Attack Vector: Network/Adjacent, though likely local initially), and the high impact on confidentiality, integrity, and availability. The vulnerability allows attackers to overwrite arbitrary memory locations, leading to full system compromise.
Defender Context
Defenders need to be aware of novel attack paths that leverage seemingly unrelated hardware components like GPUs to compromise core system integrity. This highlights the increasing need for hardware-level security considerations and potentially more integrated security solutions that monitor both CPU and GPU operations.