Nvidia is recommending a mitigation for customers of one of its GPU product lines that may degrade performance by as much as 10 percent in a bid to protect users from exploits that could let hackers sabotage work projects and possibly cause other compromises.
The move comes in response to an attack a team of academic researchers demonstrated against Nvidia’s RTX A6000, a widely used GPU for high-performance computing that’s available from many cloud providers. A vulnerability the researchers discovered opens the GPU to Rowhammer, a class of attack that exploits physical weakness in DRAM chip modules that store data.
Rowhammer allows hackers to change or corrupt data stored in memory by rapidly and repeatedly accessing—or hammering—a physical row of memory cells. By repeatedly hammering carefully chosen rows, the attack induces bit flips in nearby rows, meaning a digital zero is converted to a one or vice versa. Until now, Rowhammer attacks have been demonstrated only against memory chips for CPUs, used for general computing tasks.
Like catastrophic brain damage
That changed last week as researchers unveiled GPUHammer, the first known successful Rowhammer attack on a discrete GPU. Traditionally, GPUs were used for rendering graphics and cracking passwords. In recent years, GPUs have become the workhorses for tasks such as high-performance computing, machine learning, neural networking, and other AI uses. No company has benefited more from the AI and HPC boom than Nvidia, which last week became the first company to reach a $4 trillion valuation. While the researchers demonstrated their attack against only the A6000, it likely works against other GPUs from Nvidia, the researchers said.
The researchers’ proof-of-concept exploit was able to tamper with deep neural network models used in machine learning for things like autonomous driving, healthcare applications, and medical imaging for analyzing MRI scans. GPUHammer flips a single bit in the exponent of a model weight—for example in y, where a floating point is represented as x times 2^y. The single bit flip can increase the exponent value by 16. The result is an altering of the model weight by a whopping 2^16, degrading model accuracy from 80 percent to 0.1 percent, said Gururaj Saileshwar, an assistant professor at the University of Toronto and co-author of an academic paper demonstrating the attack.
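The arithmetic behind that 2^16 figure can be reproduced in software. The following is an added illustration, not code from the researchers or Nvidia. It assumes weights are stored as IEEE 754 half-precision (FP16) values, where the top exponent bit is worth 16, and it uses constructed sample weights and a hypothetical magnitude bound of 4.0 for the defensive check.

```python
import struct

# Assumed FP16 layout: 1 sign bit, 5 exponent bits (14..10), 10 mantissa bits.
EXP_MSB = 14  # most significant exponent bit; setting it adds 16 to the exponent

def fp16_bits(value):
    """Return the 16-bit IEEE 754 half-precision encoding of value."""
    return struct.unpack("<H", struct.pack("<e", value))[0]

def fp16_value(bits):
    """Decode a 16-bit pattern as a half-precision float."""
    return struct.unpack("<e", struct.pack("<H", bits))[0]

def exponent_field(value):
    """Biased 5-bit exponent stored in the FP16 encoding."""
    return (fp16_bits(value) >> 10) & 0x1F

def flip_bit(value, bit):
    """Model one DRAM bit flip in a stored FP16 weight (software simulation)."""
    return fp16_value(fp16_bits(value) ^ (1 << bit))

def corrupt(weights, index, bit=EXP_MSB):
    """Copy of weights with a single bit flipped in one element."""
    out = list(weights)
    out[index] = flip_bit(out[index], bit)
    return out

def suspicious_weights(weights, bound=4.0):
    """Defensive range check: indices whose magnitude exceeds the bound.

    The comparison is written so that NaN and infinity are flagged too.
    The bound is a hypothetical value; in practice it would come from the
    weight statistics recorded when the model was trained.
    """
    return [i for i, w in enumerate(weights) if not (abs(w) <= bound)]

# Constructed sample weights, each exactly representable in FP16.
WEIGHTS = [0.125, -0.25, 0.5, -0.0625]

if __name__ == "__main__":
    for w in WEIGHTS:
        flipped = flip_bit(w, EXP_MSB)
        print(f"{w:>8} -> {flipped:>10}  (x{flipped / w:.0f})")
    # Edge case: a weight in [1, 2) already has exponent 15, so the flip
    # produces exponent 31, which FP16 decodes as infinity.
    print(1.0, "->", flip_bit(1.0, EXP_MSB))
    print("flagged:", suspicious_weights(corrupt(WEIGHTS, 2)))
```

A range check like this only catches flips that push a weight far outside its expected magnitude. Flips in low mantissa bits would pass it.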