Researchers at the University of Toronto have developed GPUBreach, a new attack that exploits Rowhammer bit-flips in GDDR6 GPU memory to corrupt GPU page tables, granting arbitrary memory read/write access to an unprivileged CUDA kernel. This can then be chained into CPU-side privilege escalation via memory-safety bugs in the NVIDIA driver, achieving full system compromise including a root shell — all without disabling IOMMU protection. The attack was demonstrated on an NVIDIA RTX A6000 GPU. Consumer GPUs without ECC memory are completely unmitigated. NVIDIA, Google, AWS, and Microsoft were notified in November 2025; full technical details will be published on April 13 at the IEEE Symposium on Security & Privacy.
Sort: