{"id":232311,"date":"2026-04-07T04:38:00","date_gmt":"2026-04-07T08:38:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/07\/new-gpubreach-attack-enables-full-cpu-privilege-escalation-via-gddr6-bit-flips\/"},"modified":"2026-04-07T18:30:10","modified_gmt":"2026-04-07T22:30:10","slug":"new-gpubreach-attack-enables-full-cpu-privilege-escalation-via-gddr6-bit-flips","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/07\/new-gpubreach-attack-enables-full-cpu-privilege-escalation-via-gddr6-bit-flips\/","title":{"rendered":"New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/new-gpubreach-attack-enables-full-cpu.html\">New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/new-gpubreach-attack-enables-full-cpu.html\">https:\/\/thehackernews.com\/2026\/04\/new-gpubreach-attack-enables-full-cpu.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-07 04:38:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a\u00a0host.<\/p>\n<p>The efforts have been\u00a0codenamed <strong>GPUBreach<\/strong>, <strong>GDDRHammer<\/strong>,\u00a0and <strong>GeForge<\/strong>.<\/p>\n<p>GPUBreach goes a step further\u00a0than GPUHammer, demonstrating for the first time that RowHammer bit-flips in GPU memory can induce much more than data corruption and enable privilege escalation, and lead to a full system compromise.<\/p>\n<p>&#8220;By corrupting GPU page tables via GDDR6 bit-flips, an unprivileged process can gain arbitrary GPU memory read\/write, and then chain that into full CPU privilege escalation \u2014 spawning a root shell \u2014 by exploiting memory-safety bugs in the NVIDIA driver,&#8221; Gururaj Saileshwar, one of the authors of the study and Assistant Professor at the University of\u00a0Toronto, said in a post on\u00a0LinkedIn.<\/p>\n<p>What makes GPUBreach notable is that it works even without having to disable the input\u2013output memory management unit\u00a0(IOMMU),\u00a0a crucial hardware\u00a0component that ensures memory security by preventing Direct Memory Access (DMA) attacks and isolating each peripheral to its own memory\u00a0space.<\/p>\n<p>&#8220;GPUBreach shows it is not enough: by corrupting trusted driver state within IOMMU-permitted buffers, we trigger kernel-level out-of-bounds writes \u2014 bypassing IOMMU protections entirely without needing it disabled,&#8221; Saileshwar added. &#8220;This has serious implications for cloud AI infrastructure, multi-tenant GPU deployments, and HPC environments.&#8221;<\/p>\n<p>RowHammer is a long-standing Dynamic Random-Access Memory (DRAM) reliability error where repeated accesses (i.e., hammering) to a memory row can cause electrical interference that flips bits (changing 0 to 1m or vice versa) in adjacent rows. This\u00a0undermines isolation guarantees fundamental to modern operating systems and sandboxes.<\/p>\n<p>DRAM manufacturers have implemented hardware-level mitigations, such as Error-Correcting Code&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/new-gpubreach-attack-enables-full-cpu.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips https:\/\/thehackernews.com\/2026\/04\/new-gpubreach-attack-enables-full-cpu.html Publish Date: 2026-04-07&#8230;<\/p>\n","protected":false},"author":1,"featured_media":232312,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjD7E4oEicfW1OaHztWEuM4qrsJFnHRPJ41f8R-2VeKUFV3Y59XaBUctumc2R91miQ3dMPnwkEcpPMqFErKmPRJhS3VRceve1GOSGGUsP6WHGIfoQAuVV10JVy312CxGYvmb2xA_eQtuO69bNb-1NzYln9P4xbsFDoPgWG3BEdri4sRRj415XQr1NENZBh0\/s1600\/grpu.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26],"class_list":["post-232311","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232311"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=232311"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232311\/revisions"}],"predecessor-version":[{"id":232313,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232311\/revisions\/232313"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/232312"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=232311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=232311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=232311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}