GPUBreach: New GPU Rowhammer Attack Enables Full System Compromise

Severity: High (Score: 66.9)

Sources: Securityaffairs.Co, Scworld, Cybersecuritynews, Heise.De, Infosecurity-Magazine

Summary

Researchers from the University of Toronto have unveiled a new attack named GPUBreach that exploits Rowhammer vulnerabilities in Nvidia's GDDR6 memory. This attack allows privilege escalation from an unprivileged CUDA kernel to root access on the host system without needing to disable the Input-Output Memory Management Unit (IOMMU). By corrupting GPU page tables, attackers can gain arbitrary read/write access to GPU memory and subsequently exploit memory-safety bugs in the Nvidia driver to achieve full system compromise. The attack can manipulate sensitive data, including cryptographic keys and machine learning model weights, significantly impacting AI workloads. The findings will be presented at the IEEE Symposium on Security & Privacy on April 13, 2026. Nvidia has acknowledged the issue and may update its security advisory, while Google awarded the researchers a $600 bug bounty for their discovery. Despite the severity, the current risk level is considered manageable by some industry players. Key Points: • GPUBreach allows full system compromise via GPU Rowhammer attacks without disabling IOMMU. • The attack exploits memory-safety vulnerabilities in Nvidia drivers and corrupts GPU page tables. • Sensitive data, including cryptographic keys, can be manipulated or extracted through this exploit.

Key Entities

• Rowhammer (vulnerability)
• Zero-day Exploit (attack_type)
• T1059 - Command and Scripting Interpreter (mitre_attack)
• T1068 - Exploitation for Privilege Escalation (mitre_attack)
• Ampere Architecture (platform)
• Gddr6 (platform)
• Gddr6 Memory (platform)
• GDDR Memory (platform)
• Iommu (platform)
• CUDA (tool)
• GDDRHammer (tool)
• GeForge (tool)
• GPUBreach (tool)