GPUBreach Attack Uses GPU Rowhammer to Achieve Full System Compromise
Researchers demonstrate GPUBreach, a GPU-based Rowhammer attack that corrupts GDDR6 memory to escalate privileges and gain root-level access across GPU and CPU environments.
Researchers at the University of Toronto have developed GPUBreach, a novel GPU-based Rowhammer attack that targets GDDR6 memory to escalate privileges and achieve full system compromise. The technique, set to be presented at the 47th IEEE Symposium on Security & Privacy in 2026, builds on prior work that identified bit flips in GPU memory but did not achieve targeted control or privilege escalation.
GPUBreach focuses on corrupting GPU page tables, which manage memory access on the device. By using Rowhammer-induced bit flips in GDDR6 memory, an unprivileged CUDA kernel can gain arbitrary read and write access to GPU memory. This access is then leveraged to exploit memory-safety vulnerabilities in the NVIDIA driver, extending the attack from the GPU to CPU memory.
The end result is full system control, including the ability to spawn a root shell, even when widely recommended protections such as the input-output memory management unit (IOMMU) remain enabled. The researchers demonstrated several consequences: arbitrary GPU memory access across processes, leakage of cryptographic keys during GPU-based operations, and manipulation of machine learning models (reducing accuracy from 80% to 0%). They also showed that sensitive data such as large language model (LLM) weights could be extracted.
The findings challenge existing assumptions about GPU security. While error-correcting code (ECC) memory can mitigate some bit corruption, it is not foolproof—multiple bit flips may go undetected. As GPUs become central to high-performance computing, AI, and cryptographic operations, the research suggests that current defensive measures require significant reassessment. The attack does not have a CVE identifier yet but highlights a growing class of hardware-level threats to GPU-accelerated systems.