Full Report
A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]
Analysis Summary
# Vulnerability: GPUBreach - Privilege Escalation via GPU GDDR6 Rowhammer
## CVE Details
- **CVE ID**: Not yet assigned (NVIDIA may update existing advisory [5671] to include these findings).
- **CVSS Score**: Estimated 8.8 - 9.3 (Critical/High).
- **CWE**: CWE-1262: Improper Control of Physical Energy Functions (Rowhammer).
## Affected Systems
- **Products**: NVIDIA GPUs utilizing GDDR6 memory (specifically tested/demonstrated on RTX A6000).
- **Versions**: Most current NVIDIA drivers for Linux/Windows (specifically those managing GDDR6 PTEs).
- **Configurations**: Systems running unprivileged CUDA kernels; consumer GPUs without ECC (Error Correcting Code) are most vulnerable.
## Vulnerability Description
GPUBreach is an advanced Rowhammer-based attack targeting GDDR6 memory. By inducing bit-flips in high-frequency memory modules, the attack specifically targets GPU Page Table Entries (PTEs). Corrupting these tables allows an unprivileged CUDA kernel to gain arbitrary read/write access to GPU memory. This capability is then chained with memory-safety vulnerabilities in the NVIDIA kernel driver to escalate privileges to the CPU side. Notably, the attack bypasses IOMMU (Input-Output Memory Management Unit) protections, as it manipulates trusted driver states from within the GPU's own memory domain.
## Exploitation
- **Status**: PoC available (scheduled for release April 13, 2026).
- **Complexity**: High (requires precise timing and memory layout manipulation).
- **Attack Vector**: Local (requires the ability to run unprivileged CUDA code on the target system).
## Impact
- **Confidentiality**: Total (Arbitrary memory read access).
- **Integrity**: Total (Arbitrary memory write access/System takeover).
- **Availability**: Total (Potential for full system crash or persistent compromise).
## Remediation
### Patches
- **NVIDIA**: No specific "patch" can fully resolve the hardware-level Rowhammer vulnerability, but driver updates are anticipated to address the memory-safety bugs used for the CPU-side escalation.
- **Cloud Providers**: Google, AWS, and Microsoft were notified Nov 2025; internal infrastructure mitigations are likely in progress.
### Workarounds
- **Enable ECC**: For professional/workstation GPUs (like the RTX A-series), enable "System Level Error-Correcting Code" via NVIDIA control panels to detect/correct single-bit flips.
- **Restrict CUDA Access**: Limit the ability of untrusted users or applications to execute arbitrary CUDA kernels.
## Detection
- **Indicators of Compromise**: Unusually high memory bus traffic and parity error logs in system telemetry.
- **Detection methods and tools**:
- Monitor for unexpected Page Faults or ECC error events in NVIDIA-SMI logs.
- Reproduction scripts and detection tools are scheduled for release in the official GitHub repository.
## References
- University of Toronto Research: hxxps[://]gpubreach[.]ca/
- NVIDIA Security Notice (July 2025): hxxps[://]nvidia[.]custhelp[.]com/app/answers/detail/a_id/5671
- Technical Paper: hxxps[://]gururaj-s[.]github[.]io/assets/pdf/SP26_GPUBreach[.]pdf
- GitHub Repository: hxxps[://]github[.]com/sith-lab/gpubreach