This work identifies a novel thermal vulnerability in 3D-stacked high-bandwidth memory (HBM) architectures, arising from the physical proximity of memory banks in both vertical and lateral dimensions. Attackers can induce localized thermal hotspots—and consequent performance degradation—via legitimate memory access patterns, without violating memory safety or requiring out-of-bounds accesses. We propose the first side-channel attack model grounded in thermal conduction modeling and 3D temperature simulation, integrated with microarchitectural power-thermal coupling analysis and memory scheduler evaluation to assess feasibility and stealthiness. Experimental results demonstrate that the attack reduces target application performance by over 40% while remaining undetectable by conventional security mechanisms reliant on illegal access detection. Our findings expose a critical gap in HBM thermal security and provide both theoretical foundations and empirical evidence to guide thermally resilient HBM design.

3D-stacked High Bandwidth Memory (HBM) architectures provide high-performance memory interactions to address the well-known performance challenge, namely the memory wall. However, these architectures are susceptible to thermal vulnerabilities due to the inherent vertical adjacency that occurs during the manufacturing process of HBM architectures. We anticipate that adversaries may exploit the intense vertical and lateral adjacency to design and develop thermal performance degradation attacks on the memory banks that host data/instructions from victim applications. In such attacks, the adversary manages to inject short and intense heat pulses from vertically and/or laterally adjacent memory banks, creating a convergent thermal wave that maximizes impact and delays the victim application from accessing its data/instructions. As the attacking application does not access any out-of-range memory locations, it can bypass both design-time security tests and the operating system's memory management policies. In other words, since the attack mimics legitimate workloads, it will be challenging to detect.