Nvidia is recommending a mitigation for customers of one of its GPU product lines that will degrade performance by up to 10 percent in a bid to protect users from exploits that could let hackers sabotage work projects and possibly cause other compromises.
The move comes in response to an attack a team of academic researchers demonstrated against Nvidia’s RTX A6000, a widely used GPU for high-performance computing that’s available from many cloud services. A vulnerability the researchers discovered opens the GPU to Rowhammer, a class of attack that exploits physical weakness in DRAM chip modules that store data.
Rowhammer allows hackers to change or corrupt data stored in memory by rapidly and repeatedly accessing—or hammering—a physical row of memory cells. By repeatedly hammering carefully chosen rows, the attack induces bit flips in nearby rows, meaning a digital zero is converted to a one or vice versa. Until now, Rowhammer attacks have been demonstrated only against memory chips for CPUs, used for general computing tasks.
Like catastrophic brain damage
That changed last week as researchers unveiled GPUHammer, the first known successful Rowhammer attack on a discrete GPU. Traditionally, GPUs were used for rendering graphics and cracking passwords. In recent years, GPUs have become the workhorses for tasks such as high-performance computing, machine learning, neural networking, and other AI uses. No company has benefited more from the AI and HPC boom than Nvidia, which last week became the first company to reach a $4 trillion valuation. While the researchers demonstrated their attack against only the A6000, it likely works against other GPUs from Nvidia, the researchers said.
The researchers’ proof-of-concept exploit was able to tamper with deep neural network models used in machine learning for things like autonomous driving, healthcare applications, and medical imaging for analyzing MRI scans. GPUHammer flips a single bit in the exponent of a model weight—for example in y, where a floating point is represented as x times 2^y. The single bit flip can increase the exponent value by 16. The result is an altering of the model weight by a whopping 2^16, degrading model accuracy from 80 percent to 0.1 percent, said Gururaj Saileshwar, an assistant professor at the University of Toronto and co-author of an academic paper demonstrating the attack.
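
The arithmetic above, as an added illustration that is not from the article or the researchers' paper. It assumes the weight is stored as an IEEE 754 half-precision float, where the top exponent bit has weight 16; the helper names and sample weights are constructed. It flips that bit in one weight, then compares the weights against a known-good copy to locate the changed bit and field.

```python
import struct

# Assumption: IEEE 754 half precision (FP16) layout:
# bit 15 = sign, bits 10-14 = exponent, bits 0-9 = mantissa.
EXP_MSB = 14  # most significant exponent bit, worth 16 in the exponent value


def to_bits(x):
    """Return the 16-bit pattern of x encoded as a half-precision float."""
    return struct.unpack("<H", struct.pack("<e", x))[0]


def from_bits(b):
    """Decode a 16-bit pattern back into a Python float."""
    return struct.unpack("<e", struct.pack("<H", b))[0]


def flip_bit(x, bit):
    """Return x with one bit of its FP16 encoding inverted."""
    return from_bits(to_bits(x) ^ (1 << bit))


def field_of(bit):
    """Name the FP16 field that a bit position belongs to."""
    if bit == 15:
        return "sign"
    return "exponent" if bit >= 10 else "mantissa"


def diff_weights(baseline, current):
    """Compare weights against a known-good copy.

    Returns (index, flipped bit positions, affected fields) per changed weight.
    """
    findings = []
    for i, (good, seen) in enumerate(zip(baseline, current)):
        delta = to_bits(good) ^ to_bits(seen)
        if delta:
            bits = [n for n in range(16) if (delta >> n) & 1]
            findings.append((i, bits, sorted({field_of(n) for n in bits})))
    return findings


# Constructed sample weights; 0.0078125 is 2^-7, so its exponent MSB is 0.
baseline = [0.0123, -0.25, 0.5, 0.0078125]
current = list(baseline)
current[3] = flip_bit(baseline[3], EXP_MSB)  # exponent rises by 16

if __name__ == "__main__":
    print(baseline[3], "->", current[3], "factor", current[3] / baseline[3])
    print(diff_weights(baseline, current))
```
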