New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips

Staff Editor 2026-04-07
New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips

New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips

https://thehackernews.com/2026/04/new-gpubreach-attack-enables-full-cpu.html

Publish Date: 2026-04-07 04:38:00

Source Domain: thehackernews.com

New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host.

The efforts have been codenamed GPUBreach, GDDRHammer, and GeForge.

GPUBreach goes a step further than GPUHammer, demonstrating for the first time that RowHammer bit-flips in GPU memory can induce much more than data corruption and enable privilege escalation, and lead to a full system compromise.

“By corrupting GPU page tables via GDDR6 bit-flips, an unprivileged process can gain arbitrary GPU memory read/write, and then chain that into full CPU privilege escalation — spawning a root shell — by exploiting memory-safety bugs in the NVIDIA driver,” Gururaj Saileshwar, one of the authors of the study and Assistant Professor at the University of Toronto, said in a post on LinkedIn.

What makes GPUBreach notable is that it works even without having to disable the input–output memory management unit (IOMMU), a crucial hardware component that ensures memory security by preventing Direct Memory Access (DMA) attacks and isolating each peripheral to its own memory space.

“GPUBreach shows it is not enough: by corrupting trusted driver state within IOMMU-permitted buffers, we trigger kernel-level out-of-bounds writes — bypassing IOMMU protections entirely without needing it disabled,” Saileshwar added. “This has serious implications for cloud AI infrastructure, multi-tenant GPU deployments, and HPC environments.”

RowHammer is a long-standing Dynamic Random-Access Memory (DRAM) reliability error where repeated accesses (i.e., hammering) to a memory row can cause electrical interference that flips bits (changing 0 to 1m or vice versa) in adjacent rows. This undermines isolation guarantees fundamental to modern operating systems and sandboxes.

DRAM manufacturers have implemented hardware-level mitigations, such as Error-Correcting Code…

Source

More Stories

White House targets Cybersecurity and Infrastructure Security Agency with 7M budget cut

White House targets Cybersecurity and Infrastructure Security Agency with $707M budget cut

Staff Editor 2026-04-07
Snowmass suspends gosnowmass.com after cybersecurity incident

Snowmass suspends gosnowmass.com after cybersecurity incident

Staff Editor 2026-04-07
Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure

Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure

Staff Editor 2026-04-07

Terms and Conditions - Privacy Policy