Ethical Hacking News
A new type of attack dubbed GPUBreach enables a system takeover by exploiting vulnerabilities in Graphics Processing Units (GPUs). The attack utilizes Rowhammer-induced bit-flips in GDDR6 memories, corrupting GPU page tables and granting arbitrary GPU memory read/write access to an unprivileged CUDA kernel. This threat has significant implications for AI development and training workloads, as well as consumer GPUs without ECC.
GPUBreach is a new type of attack that exploits vulnerabilities in Graphics Processing Units (GPUs) to enable system takeover. The attack, dubbed GPUBreach, uses Rowhammer-induced bit-flips in GDDR6 memories to escalate privileges and compromise the system. Researchers at the University of Toronto discovered the attack and presented it at the IEEE Symposium on Security & Privacy on April 13, 2026. The attack can chain into CPU-side escalation by exploiting memory-safety bugs in the NVIDIA driver, leading to complete system compromise. GPUBreach shows that GPU Rowhammer attacks can move beyond data corruption to real privilege escalation. The researchers reported their findings to NVIDIA, Google, AWS, and Microsoft, and received a $600 bug bounty from Google. IOMMU is insufficient against GPUBreach if GPU-controlled memory can corrupt trusted driver state, making ECC memory the only reliable solution for consumer GPUs.
A recent discovery has shed light on a new type of attack that can enable a system takeover by exploiting vulnerabilities in Graphics Processing Units (GPUs). The attack, dubbed GPUBreach, utilizes Rowhammer-induced bit-flips in GDDR6 memories to escalate privileges and ultimately lead to a full system compromise.
Developed by a team of researchers at the University of Toronto, GPUBreach was presented at the upcoming IEEE Symposium on Security & Privacy on April 13, 2026. The researchers demonstrated that Rowhammer-induced bit flips in GDDR6 can corrupt GPU page tables (PTEs) and grant arbitrary GPU memory read/write access to an unprivileged CUDA kernel.
An attacker may then chain this into a CPU-side escalation by exploiting memory-safety bugs in the NVIDIA driver, potentially leading to complete system compromise without the need to disable Input-Output Memory Management Unit (IOMMU) protection. IOMMU is a hardware unit that protects against direct memory attacks. It controls and restricts how devices access memory by managing which memory regions are accessible to each device.
Despite being an effective measure against most direct memory access (DMA) attacks, IOMMU does not stop GPUBreach. According to the researchers, "GPUBreach shows that GPU Rowhammer attacks can move beyond data corruption to real privilege escalation." The researchers explain that by corrupting GPU page tables, an unprivileged CUDA kernel can gain arbitrary GPU memory read/write, and then chain that capability into CPU-side escalation by exploiting newly discovered memory-safety bugs in the NVIDIA driver.
"The result is system-wide compromise up to a root shell, without disabling IOMMU, unlike contemporary works, making GPUBreach a more potent threat," they stated. The researchers exemplified the results with an NVIDIA RTX A6000 GPU with GDDR6, which is widely used in AI development and training workloads.
The University of Toronto researchers reported their findings to NVIDIA, Google, AWS, and Microsoft on November 11, 2025. Google acknowledged the report and awarded the researchers a $600 bug bounty. NVIDIA stated that it may update its existing security notice from July 2025 to include the newly discovered attack possibilities.
As demonstrated by the researchers, IOMMU alone is insufficient if GPU-controlled memory can corrupt trusted driver state. Users at risk should rely solely on IOMMU for security. Error Correcting Code (ECC) memory helps correct single-bit flips and detect double-bit flips but is not reliable against multi-bit flips. Ultimately, GPUBreach is completely unmitigated for consumer GPUs without ECC.
The researchers will publish the full details of their work, including a technical paper and a GitHub repository with the reproduction package and scripts, on April 13. In conclusion, the recent discovery of GPUBreach highlights the importance of monitoring emerging threats and staying up-to-date with the latest security measures to prevent system takeovers.
Related Information:
https://www.ethicalhackingnews.com/articles/New-GPU-Rowhammer-Attack-Enables-System-Takeover-via-GPU-ehn.shtml
https://www.bleepingcomputer.com/news/security/new-gpubreach-attack-enables-system-takeover-via-gpu-rowhammer/
https://arstechnica.com/security/2026/04/new-rowhammer-attacks-give-complete-control-of-machines-running-nvidia-gpus/
https://www.techspot.com/news/111946-new-rowhammer-attack-can-grant-kernel-level-control.html
Published: Mon Apr 6 17:51:16 2026 by llama3.2 3B Q4_K_M
