GPUBreach attack leverages GDDR6 Rowhammer to escalate privileges and compromise systems via NVIDIA driver flaws

1 unique source, 1 article

Summary

Researchers demonstrated a new Rowhammer-based attack named GPUBreach that induces bit-flips in GDDR6 GPU memory to corrupt GPU page tables (PTEs), granting an unprivileged CUDA kernel arbitrary read/write access to GPU memory. This capability is chained with memory-safety vulnerabilities in the NVIDIA driver to escalate privileges from an unprivileged CUDA context to full system compromise, achieving root access without disabling IOMMU protection. The attack bypasses IOMMU by corrupting trusted driver state via GPU-controlled memory, making it effective even on systems with hardware memory isolation enabled. The vulnerability is demonstrated on NVIDIA RTX A6000 GPUs with GDDR6 memory, widely deployed in AI workloads, and does not rely on disabling IOMMU, distinguishing it from prior GPU Rowhammer research.

Timeline

  1. 07.04.2026 00:44 · 1 article

    GPUBreach attack enables full system compromise via GDDR6 Rowhammer on NVIDIA GPUs

    Researchers disclosed a new Rowhammer-based attack named GPUBreach that corrupts GPU page tables (PTEs) in GDDR6 memory, granting unprivileged CUDA kernels arbitrary GPU memory access. This capability is chained with memory-safety bugs in the NVIDIA driver to escalate privileges to root without disabling IOMMU, bypassing hardware memory isolation. The attack was demonstrated on NVIDIA RTX A6000 GPUs and is unmitigated for consumer GPUs without ECC. Full technical details will be presented at the IEEE Symposium on Security & Privacy on April 13, 2026.

Information Snippets

  • GPUBreach exploits Rowhammer-induced bit-flips in GDDR6 GPU memory to corrupt GPU page tables (PTEs), enabling arbitrary read/write access to GPU memory from an unprivileged CUDA kernel.

    First reported: 07.04.2026 00:44
    1 source, 1 article
  • The attack chains the GPU privilege escalation with memory-safety bugs in the NVIDIA driver to achieve full system compromise and root shell access without disabling IOMMU.

    First reported: 07.04.2026 00:44
    1 source, 1 article
  • IOMMU protection is bypassed because GPUBreach corrupts trusted driver state via GPU-controlled memory, rendering hardware memory isolation ineffective against this attack.

    First reported: 07.04.2026 00:44
    1 source, 1 article
  • The vulnerability is demonstrated on NVIDIA RTX A6000 GPUs with GDDR6 memory, a model widely used in AI development and training environments.

    First reported: 07.04.2026 00:44
    1 source, 1 article
  • NVIDIA was notified of the findings on November 11, 2025, and may update its July 2025 security notice to include GPUBreach-related risks.

    First reported: 07.04.2026 00:44
    1 source, 1 article
  • Google awarded a $600 bug bounty to the researchers for their disclosure of GPUBreach.

    First reported: 07.04.2026 00:44
    1 source, 1 article
  • Prior GPU Rowhammer research (GPUHammer) demonstrated the practicality of Rowhammer attacks on GPUs, prompting NVIDIA to recommend enabling System Level ECC mitigation for GDDR6 memory.

    First reported: 07.04.2026 00:44
    1 source, 1 article