GPUBreach: Privilege Escalation Attacks on GPUs using Rowhammer

TL;DR

This paper demonstrates that GPU Rowhammer attacks can be used for privilege escalation, enabling unprivileged CUDA kernels to access and tamper with other processes' GPU memory and potentially gain system-wide control.

Contribution

It introduces a novel GPU Rowhammer exploit that leverages page table management to achieve privilege escalation, a capability not previously demonstrated on GPUs.

Findings

GPU Rowhammer can be used for privilege escalation.

Unprivileged CUDA kernels can access other processes' GPU memory.

Attacks can lead to system-wide control even without multi-tenancy.

Abstract

NVIDIA GPUs with GDDR memories have been shown susceptible to Rowhammer-based bit-flips, similar to CPUs. However, Rowhammer exploits on GPUs have been limited to injecting untargeted bit-flips in victim data like weights of machine learning models, to degrade model accuracy, unlike CPU exploits shown capable of privilege escalation. In this paper, we demonstrate that GPU Rowhammer exploits can be as potent as CPU Rowhammer attacks. By exploiting the GPU page table management to identify when and where new page tables are allocated, we enable an unprivileged user CUDA kernel of one process to use RowHammer bit-flips to gain access to the GPU memory of other processes or co-tenants via targeted tampering of such page-tables resident on the GPU memory. Using this newly found primitive, we demonstrate the first GPU-side privilege escalation attacks, leaking secret data such as cryptographic keys from cuPQC libraries, and even tampering with the model's GPU assembly code to degrade models more stealthily than previous attacks. We further demonstrate that GPU-side privilege escalation can lead to CPU-side privilege escalation, defeating the protections provided by the IOMMU, enabling a malicious user-level program with GPU access to gain root shell and system-wide control, even in a non-multi-tenant setting.