If you're renting GPU time in the cloud, here's something unsettling. Security researchers just demonstrated three new attacks that let a malicious user gain complete root control of a host machine by exploiting Nvidia GPUs.
The attacks use a technique called Rowhammer, which causes bits in memory to flip from 0 to 1 or vice versa. By rapidly accessing, or hammering, specific rows of DRAM, attackers create electrical disturbances that corrupt data in nearby rows.
Rowhammer isn't new. Researchers first demonstrated it back in 2014 on DDR3 memory, and by 2015 they showed it could escalate privileges or break out of security sandboxes. What's new is that it now works on high-performance GPU cards.
This matters because these GPUs typically cost $8,000 or more, so cloud providers share them among dozens of users. That shared access model just became a lot riskier. If you're one of several users on the same GPU, a bad actor among them could potentially take over the entire host machine.
Over the past decade, Rowhammer attacks have evolved to target newer memory types and bypass various defenses. Now they've made the jump from CPUs to GPUs, opening up a new attack surface in AI infrastructure.
For anyone running AI workloads on shared cloud GPUs, this is a reminder that hardware-level vulnerabilities can undermine even strong software security. The economics of GPU sharing made sense when these cards were just expensive. Now they might be expensive and exploitable.