Nvidia(US:NVDA) 量子位·2025-07-20 02:49Core Viewpoint - The article discusses a serious vulnerability discovered in NVIDIA GPUs, specifically through an attack method called GPUHammer, which can drastically reduce the accuracy of AI models running on these GPUs from 80% to as low as 0.02% [1][2][14]. Summary by Sections Vulnerability Discovery - A significant vulnerability in NVIDIA GPUs has been identified by white-hat hackers [1]. - The attack method, GPUHammer, can lead to catastrophic failures in AI model accuracy [2][3]. Attack Mechanism - GPUHammer is described as the first successful Rowhammer attack targeting GPU memory, which is not a software bug but a physical attack [6]. - The attack involves repeatedly "hammering" a specific row in memory, causing bit flips in adjacent rows, thereby altering data [7][8]. - Researchers successfully flipped critical bits in deep learning model weights, leading to severe degradation in model performance [9][10]. Experimental Results - The attack was tested on classic neural network architectures such as AlexNet, VGG, and ResNet, showing that even a single bit flip can lead to a total collapse in model performance [11][12]. - For instance, the accuracy of ResNet50 dropped from 80.26% to 0.02% after the attack [12]. Implications - The GPUHammer attack poses a significant threat to AI infrastructure, potentially leading to misidentifications in autonomous vehicles and misdiagnoses in medical AI applications [13][14]. - In shared GPU environments, malicious tenants could exploit this vulnerability to affect the performance of adjacent workloads [13]. Mitigation Measures - NVIDIA has recommended users enable a system-level error-correcting code (ECC) as a defense against GPUHammer attacks [15][16]. - ECC can correct single-bit errors but is limited in its ability to handle double-bit flips, and enabling it may lead to a performance decrease of 3%-10% [19]. Future Considerations - Different GPU architectures may have varying susceptibility to Rowhammer attacks, with some models like RTX3080 and A100 being less affected due to their distinct DRAM designs [22]. - Future GPU developments may include on-die ECC to enhance protection against such attacks [22]. - The article concludes that as AI technology advances, the need for robust security measures will become increasingly critical, indicating that GPUHammer is just the beginning of potential vulnerabilities [23].