AI Model Security

NVIDIA Triton Inference Server hit by high-severity vulnerabilities; AI model security faces a serious threat
Xi Niu Cai Jing· 2025-08-12 02:52
Recently, the security research firm Wiz Research disclosed a chain of high-severity vulnerabilities in NVIDIA's Triton Inference Server, a finding that has drawn wide attention across the industry.

The chain reportedly consists of three vulnerabilities: CVE-2025-23320, CVE-2025-23319 and CVE-2025-23334. When an attacker sends an oversized request that exceeds the shared-memory limit, CVE-2025-23320 triggers an exception whose error message exposes the unique identifier (key) of the backend's internal IPC (inter-process communication) shared-memory region. With that identifier in hand, the attacker can perform an out-of-bounds write via CVE-2025-23319 and an out-of-bounds read via CVE-2025-23334.

NVIDIA Triton is a general-purpose inference platform designed to help developers simplify the deployment and running of AI models across a variety of frameworks. Its general-purpose design and complex inter-process communication mechanism, however, have turned into a security liability.

NVIDIA has already released a patch. All systems running versions earlier than 25.07 remain fully exposed, however, and users need to update Triton Inference Server to the latest version.

Chained together, the vulnerabilities allow remote code execution (RCE): an attacker can read or tamper with data in shared memory, manipulate model outputs, and even take control of the entire inference backend. This means that cloud-hosted AI models face model theft, data leakage ...
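How an error message that echoes an IPC identifier becomes the first link of a chain like the one described above, as an added illustration that is not Triton's code and does not reproduce the actual CVEs: a toy backend stages each request in a named shared-memory region; the leaky handler puts the region name into the client-facing error, while the hardened handler keeps it in the server log and returns an opaque error. A second party that learns the name can attach to the region and overwrite it with nothing more than that name. The region size, request format and handler names are assumptions for the demo.

```python
"""Leaky vs. hardened error handling around a shared-memory IPC region.

Added, constructed example modelled on the bug class described above; it is
not Triton's code. Uses Python's multiprocessing.shared_memory, whose regions
are named "psm_<hex>" on POSIX and "wnsm_<hex>" on Windows.
"""
import logging
from multiprocessing import shared_memory
from typing import Dict, Optional

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("backend")

REGION_SIZE = 64  # assumed IPC buffer size for the demo


class Backend:
    """Toy backend that stages each request in a named shared-memory region."""

    def __init__(self) -> None:
        # The region name is the "key" an outsider needs in order to attach.
        self.region = shared_memory.SharedMemory(create=True, size=REGION_SIZE)
        self.region.buf[:REGION_SIZE] = b"\x00" * REGION_SIZE

    def handle_leaky(self, payload: bytes) -> str:
        """Vulnerable variant: the client-facing error echoes the region name."""
        if len(payload) > REGION_SIZE:
            raise ValueError(
                f"payload of {len(payload)} bytes exceeds shared memory region "
                f"{self.region.name} (limit {REGION_SIZE})"
            )
        self.region.buf[: len(payload)] = payload
        return "ok"

    def handle_hardened(self, payload: bytes) -> str:
        """Fixed variant: opaque client error; internal identifiers stay in the log."""
        if len(payload) > REGION_SIZE:
            log.warning("oversized request (%d bytes) for region %s",
                        len(payload), self.region.name)
            raise ValueError("request exceeds the configured size limit")
        self.region.buf[: len(payload)] = payload
        return "ok"

    def snapshot(self) -> bytes:
        return bytes(self.region.buf[:REGION_SIZE])

    def close(self) -> None:
        self.region.close()
        self.region.unlink()


def extract_region_name(error_message: str) -> Optional[str]:
    """Attacker-side step: pull a shared-memory region name out of an error string."""
    for token in error_message.split():
        if token.startswith(("psm_", "wnsm_")):
            return token
    return None


def tamper_via_leaked_name(name: str, data: bytes) -> None:
    """Attach to the region by name alone and overwrite its first bytes."""
    foreign = shared_memory.SharedMemory(name=name, create=False)
    try:
        foreign.buf[: len(data)] = data
    finally:
        foreign.close()


def run_demo() -> Dict[str, object]:
    """Send an oversized request to both handlers; return what each side observes."""
    backend = Backend()
    oversized = b"A" * (REGION_SIZE + 1)
    results: Dict[str, object] = {}
    try:
        try:
            backend.handle_leaky(oversized)
        except ValueError as e:
            leaked = extract_region_name(str(e))
            results["leaked_name"] = leaked
            if leaked is not None:
                # With only the leaked name, a third party rewrites the backend's buffer.
                tamper_via_leaked_name(leaked, b"pwned")
            results["buffer_after_tamper"] = backend.snapshot()[:5]
        try:
            backend.handle_hardened(oversized)
        except ValueError as e:
            results["hardened_leaks_name"] = extract_region_name(str(e)) is not None
    finally:
        backend.close()
    return results


if __name__ == "__main__":
    print(run_demo())
```

The point of the hardened variant is not the size check (both handlers have it) but where the diagnostic detail goes: the operator still gets the region name in the server log, the client only gets an opaque limit error, so the identifier can no longer be harvested by sending deliberately oversized requests.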
Serious vulnerability found in NVIDIA GPUs: model accuracy plunges by 99.9%
量子位· 2025-07-20 02:49
Core Viewpoint
- The article discusses a serious vulnerability discovered in NVIDIA GPUs, specifically an attack method called GPUHammer, which can drastically reduce the accuracy of AI models running on these GPUs from 80% to as low as 0.02% [1][2][14].

Summary by Sections

Vulnerability Discovery
- A significant vulnerability in NVIDIA GPUs has been identified by white-hat hackers [1].
- The attack method, GPUHammer, can cause catastrophic failures in AI model accuracy [2][3].

Attack Mechanism
- GPUHammer is described as the first successful Rowhammer attack targeting GPU memory; it is not a software bug but a physical attack on the DRAM [6].
- The attack repeatedly "hammers" a specific memory row, causing bit flips in adjacent rows and thereby altering the data stored there [7][8].
- The researchers flipped critical bits in deep learning model weights, leading to severe degradation in model performance [9][10].

Experimental Results
- The attack was tested on classic neural network architectures such as AlexNet, VGG, and ResNet, showing that even a single bit flip can cause a total collapse in model performance [11][12].
- For instance, the accuracy of ResNet50 dropped from 80.26% to 0.02% after the attack [12].

Implications
- GPUHammer poses a significant threat to AI infrastructure, potentially leading to misidentifications in autonomous vehicles and misdiagnoses in medical AI applications [13][14].
- In shared GPU environments, a malicious tenant could exploit the vulnerability to degrade the workloads of neighbouring tenants [13].

Mitigation Measures
- NVIDIA has recommended that users enable system-level error-correcting code (ECC) memory as a defense against GPUHammer [15][16].
- ECC corrects single-bit errors but is limited in its ability to handle double-bit flips, and enabling it may reduce performance by 3%-10% [19].
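The attack-mechanism and experimental-results sections above state that a single flipped bit in a weight can collapse a model. The following is an added example, not code from the article or from the GPUHammer researchers: it flips individual bits of an IEEE-754 float32 weight in pure Python and shows why the position of the flipped bit matters, which is the numerical reason one flip can be catastrophic while another is harmless. The weights, the input vector and the one-neuron layer are assumptions for the demo.

```python
"""Why one DRAM bit flip can wreck a model: float32 bit-position sensitivity.

Added, constructed example (not from the GPUHammer paper). A float32 is
sign(1) | exponent(8) | mantissa(23); flipping a high exponent bit rescales
the weight by up to 2**128, flipping a low mantissa bit is numerically noise.
"""
import struct
from typing import Dict, List, Tuple


def float_to_bits(x: float) -> int:
    """Reinterpret a float32 as its 32-bit pattern."""
    return struct.unpack("<I", struct.pack("<f", x))[0]


def bits_to_float(b: int) -> float:
    """Inverse of float_to_bits."""
    return struct.unpack("<f", struct.pack("<I", b & 0xFFFFFFFF))[0]


def flip_bit(x: float, bit: int) -> float:
    """Return x (as float32) with bit `bit` inverted; 0 = mantissa LSB, 31 = sign."""
    if not 0 <= bit <= 31:
        raise ValueError("float32 has bits 0..31")
    return bits_to_float(float_to_bits(x) ^ (1 << bit))


def dot(weights: List[float], inputs: List[float]) -> float:
    return sum(w * v for w, v in zip(weights, inputs))


def layer_output_after_flip(weights: List[float], inputs: List[float],
                            index: int, bit: int) -> Tuple[float, float]:
    """Pre-activation of one neuron before and after one bit of one weight flips."""
    clean = dot(weights, inputs)
    corrupted = list(weights)
    corrupted[index] = flip_bit(weights[index], bit)
    return clean, dot(corrupted, inputs)


def rowhammer_weight_demo() -> Dict[str, object]:
    # Assumed small trained weights and a normalised input vector (constructed).
    weights = [0.0123, -0.0456, 0.0789, -0.0101, 0.0333]
    inputs = [0.5, 0.25, -0.75, 1.0, 0.1]
    w = weights[0]
    return {
        "weight": w,
        "mantissa_lsb_flip": flip_bit(w, 0),   # changes w by one float32 ULP
        "exponent_msb_flip": flip_bit(w, 30),  # multiplies w by 2**128
        "sign_flip": flip_bit(w, 31),          # -w
        "layer_clean_vs_exponent_flip": layer_output_after_flip(weights, inputs, 0, 30),
    }


if __name__ == "__main__":
    for k, v in rowhammer_weight_demo().items():
        print(f"{k}: {v}")
```

A weight of about 0.01 becomes roughly 4e36 after its top exponent bit flips, so the neuron's output is no longer a number in the range the following layers were trained for; that single value then dominates every softmax it feeds. This is also why ECC's single-bit correction is meaningful: correcting the one flipped bit restores the original pattern exactly.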
Future Considerations
- Different GPU architectures vary in their susceptibility to Rowhammer; models such as the RTX 3080 and A100 were less affected because of their different DRAM designs [22].
- Future GPU designs may include on-die ECC to improve protection against such attacks [22].
- The article concludes that as AI technology advances, the need for robust security measures becomes increasingly critical, and that GPUHammer is only the beginning of such vulnerabilities [23].
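For the mitigation recommended above (enabling ECC), an operator first needs to know which GPUs on a host have it off. The following is an added example, not from the article or from NVIDIA: it parses the output of `nvidia-smi --query-gpu=index,name,ecc.mode.current,ecc.mode.pending --format=csv,noheader` and builds the `nvidia-smi -i <index> -e 1` commands for the exposed GPUs. Both the query fields and the `-e 1` switch are documented nvidia-smi options; the sample output is constructed so the parser runs offline, and the host layout it describes is invented.

```python
"""Report GPUs whose memory ECC is off, from nvidia-smi output.

Added example, not from the article or NVIDIA. A GPU with ECC disabled is in
the state a Rowhammer-style attack relies on; a GPU whose current and pending
modes differ has been reconfigured but still needs a reset or reboot before
the change takes effect; "[N/A]" means the part does not expose ECC control.
"""
import subprocess
from typing import Dict, List

QUERY = ["nvidia-smi",
         "--query-gpu=index,name,ecc.mode.current,ecc.mode.pending",
         "--format=csv,noheader"]

# Constructed sample of the query output on a mixed host (not a real capture).
SAMPLE_OUTPUT = """\
0, NVIDIA RTX A6000, Disabled, Disabled
1, NVIDIA A100-SXM4-40GB, Enabled, Enabled
2, NVIDIA GeForce RTX 3080, [N/A], [N/A]
3, NVIDIA RTX A6000, Disabled, Enabled
"""


def parse_ecc_status(text: str) -> List[Dict[str, str]]:
    """Turn the CSV lines into dicts; tolerates blank lines and stray spaces."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            raise ValueError(f"unexpected nvidia-smi line: {line!r}")
        idx, name, current, pending = parts
        rows.append({"index": idx, "name": name, "current": current, "pending": pending})
    return rows


def classify(rows: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Bucket GPU indices: exposed (ECC off), pending_reset, unsupported, protected."""
    report: Dict[str, List[str]] = {
        "exposed": [], "pending_reset": [], "unsupported": [], "protected": []}
    for r in rows:
        if r["current"] == "[N/A]":
            report["unsupported"].append(r["index"])
        elif r["current"] != r["pending"]:
            report["pending_reset"].append(r["index"])
        elif r["current"] == "Enabled":
            report["protected"].append(r["index"])
        else:
            report["exposed"].append(r["index"])
    return report


def enable_ecc_commands(report: Dict[str, List[str]]) -> List[List[str]]:
    """Commands an operator would run for each exposed GPU (built, not executed)."""
    return [["nvidia-smi", "-i", idx, "-e", "1"] for idx in report["exposed"]]


def live_report() -> Dict[str, List[str]]:
    """Run the real query on a host with the NVIDIA driver installed."""
    out = subprocess.run(QUERY, check=True, capture_output=True, text=True).stdout
    return classify(parse_ecc_status(out))


if __name__ == "__main__":
    rep = classify(parse_ecc_status(SAMPLE_OUTPUT))
    print(rep)
    for cmd in enable_ecc_commands(rep):
        print(" ".join(cmd))
```

Two caveats apply when running this for real: `nvidia-smi -e 1` needs root and only takes effect after a GPU reset or reboot (which is why the script distinguishes a pending change from a protected GPU), and on data-center parts enabling ECC also reserves part of the memory for the check bits, so capacity as well as the 3%-10% throughput figure quoted above should be budgeted for.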