diff --git a/src/hardware-physical-access/physical-attacks.md b/src/hardware-physical-access/physical-attacks.md index 18ea78b4776..198cf8805e0 100644 --- a/src/hardware-physical-access/physical-attacks.md +++ b/src/hardware-physical-access/physical-attacks.md @@ -26,6 +26,27 @@ RAM retains data briefly after power is cut, usually for **1 to 2 minutes**. Thi --- +## GPU Rowhammer Against Page Tables + +Modern GPU Rowhammer attacks become much more useful when they target **GPU virtual-memory metadata** instead of ordinary buffers. Recent work on **GDDR6 NVIDIA Ampere GPUs** shows that an attacker running unprivileged CUDA code can build GPU-specific hammering patterns, use **memory massaging** to place paging structures in vulnerable rows, and then flip bits in the **last-level page table** or an intermediate **page directory**. Once a single translation entry is corrupted, the attacker can bootstrap **arbitrary GPU memory read/write** and then pivot into host compromise. + +### Exploitation Pattern + +1. **Profile hammerable rows** in GDDR6 and build refresh-aware / non-uniform hammering patterns that bypass in-DRAM mitigations. +2. **Massage GPU allocations** so the driver places page-translation structures in hammerable physical locations instead of keeping them in the default protected pool. In practice this can mean exhausting the low-memory page-table region and spraying large sparse UVM mappings with controlled strides. +3. **Flip translation metadata** such as **PFN** or aperture-related bits inside a page-table / page-directory entry so the attacker-controlled virtual page resolves to page-table pages, arbitrary GPU memory, or host-visible system mappings. +4. Reuse the forged mapping to rewrite additional translation entries and escalate into **arbitrary GPU memory read/write** across GPU contexts. + +### Host Pivot and Mitigations + +- With **IOMMU disabled**, forged system-aperture mappings can expose arbitrary **host physical memory** to the GPU, turning the GPU primitive into full host compromise. +- **GDDRHammer** targets last-level page-table entries, while **GeForge** shows that corrupting a page-directory level can be easier because one bit flip can retarget a larger translation subtree. Do not treat only one paging layer as security-critical. +- **IOMMU** still matters because it blocks the direct arbitrary-host-memory path used by GDDRHammer/GeForge, but it is **not a complete mitigation**. **GPUBreach** shows a second-stage pivot where the attacker corrupts GPU-writable, driver-owned CPU buffers and then triggers NVIDIA driver memory-safety bugs to obtain a kernel write primitive and a **root shell** even with IOMMU enabled. +- **System-level ECC** is a practical hardening step on supported workstation/server GPUs. Consumer GPUs without ECC expose a weaker defense surface. +- These attacks are not purely theoretical: **GeForge** reported **1,171** bit flips on an RTX 3060 and **202** on an RTX A6000, which was enough to build a working host-privilege-escalation chain. + +--- + ## Direct Memory Access (DMA) Attacks **INCEPTION** is a tool designed for **physical memory manipulation** through DMA, compatible with interfaces like **FireWire** and **Thunderbolt**. It allows for bypassing login procedures by patching memory to accept any password. However, it's ineffective against **Windows 10** systems. @@ -173,6 +194,11 @@ After the tenth cycle the EC sets a flag that instructs the BIOS to wipe NVRAM a ## References +- [Bruce Schneier - Rowhammer Attack Against NVIDIA Chips](https://www.schneier.com/blog/archives/2026/05/rowhammer-attack-against-nvidia-chips.html) +- [GDDRHammer: Greatly Disturbing DRAM Rows — Cross-Component Rowhammer Attacks from Modern GPUs](https://gddr.fail/files/gddrhammer.pdf) +- [GeForge: Hammering GDDR Memory to Forge GPU Page Tables for Fun and Profit](https://stefan1wan.github.io/files/GeForge.pdf) +- [GPUBreach: Privilege Escalation Attacks on GPUs using Rowhammer](https://gururaj-s.github.io/assets/pdf/SP26_GPUBreach.pdf) +- [NVIDIA - Security Notice: Rowhammer - July 2025](https://nvidia.custhelp.com/app/answers/detail/a_id/5671/~/security-notice%3A-rowhammer---july-2025) - [Pentest Partners – “Framework 13. Press here to pwn”](https://www.pentestpartners.com/security-blog/framework-13-press-here-to-pwn/) - [FrameWiki – Mainboard Reset Guide](https://framewiki.net/guides/mainboard-reset) - [SensePost – “Noooooooo Touch! – Bypassing IR No-Touch Exit Sensors with a Covert IR Torch”](https://sensepost.com/blog/2025/noooooooooo-touch/)