Iran-Linked Hackers Target U.S. Critical Infrastructure

08.04.2026 4 minutes Author: Newsman

Iranian state-linked hacking groups have launched a series of attacks against critical US infrastructure using vulnerable industrial control systems. According to US intelligence agencies, the attacks have already caused significant disruptions to energy, water and government services.

GPUs have become the focus of a recent academic study that shows RowHammer-type attacks have already reached modern GPUs. The impact could be greater than initially believed: beyond causing memory failures, such attacks may give an attacker the ability to escalate privileges (i.e., obtain root) or take complete control of a system.

Researchers identified three attacks of this type: GPUBreach, GDDRHammer and GeForge. GPUBreach garnered the most attention and raised the threat to a new level.

To summarize, the idea behind GPUBreach is similar to traditional RowHammer techniques: an attacker flips bits within the GDDR6 memory of a video card via the RowHammer effect. However, instead of merely corrupting data, the attack targets the GPU’s page table, which is a critical part of the overall system.

As a result, an unprivileged process gains arbitrary access to the video card’s memory and can then exploit vulnerabilities in the NVIDIA driver to move up to the kernel level. In practice, this grants an attacker full control over the system, including root access.

According to one of the researchers involved in the study, Gururaj Saileshwar from the University of Toronto, GPUBreach offers an attacker the opportunity to bypass IOMMU (the mechanism intended to isolate memory and prevent such attacks).

However, the researchers’ approach differs from simply bypassing the protection. They modified the state of trusted driver buffers to which the system had already granted permission. As a result, an attacker can write beyond the assigned boundaries and ultimately reach the kernel level.

Cloud environments (where GPUs are pooled), AI infrastructure and HPC systems are particularly exposed to this method.

It has been known for some time that RowHammer is a DRAM issue: when memory is accessed intensively, electrical interference changes bits in neighboring cells. ECC and TRR were introduced to mitigate RowHammer, but the new research demonstrates that those methods are no longer effective.

In 2025, GPUHammer was developed — the first practical attack of its kind against NVIDIA GPUs with GDDR6 memory. Using this vulnerability, for example, an attacker could decrease the accuracy of machine learning models by approximately 80%.

However, GPUBreach demonstrated significantly more potential. In addition to granting an attacker memory access, the researchers were able to:

  • extract cryptographic keys from NVIDIA cuPQC,
  • destroy ML models,
  • grant an attacker complete access to the system regardless of whether IOMMU was enabled or disabled.

GDDRHammer and GeForge were released at roughly the same time as GPUBreach. Like GPUBreach, both target GPU page tables and give an attacker read/write access to both video card memory and host memory.

The differences between the two attacks lie in how each implements the attack. For example, GeForge required IOMMU to be disabled in order to launch an attack. GDDRHammer, on the other hand, did not require IOMMU to be disabled and attacked page tables by modifying access permissions.

However, GPUBreach appears to pose the greatest danger, since it does not merely grant an attacker memory access but provides complete privilege escalation up to the CPU level.

Regarding mitigation and countermeasures, the outlook is currently less positive. One possible short-term fix to thwart these attacks is to enable ECC on the GPU. It should be noted, however, that attacks such as ECCploit and ECC.fail can easily circumvent this countermeasure.

For consumer-grade GPUs found in laptops and desktops, ECC is frequently unavailable altogether, and there is little to no viable means of protecting against such attacks today.
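Since enabling ECC is the only short-term mitigation the article names, a fleet check for it is the first thing an operator will want. The script below is an added example, not code from the article or the researchers: it parses the CSV that `nvidia-smi --query-gpu=index,name,ecc.mode.current,ecc.mode.pending --format=csv,noheader` prints and flags every GPU where ECC is off, not supported (typical for consumer cards), or enabled but still pending a reboot. The sample output embedded in it is constructed for illustration.

```shell
#!/bin/sh
# Added example: audit GPU ECC mode (the article's short-term mitigation).
# Assumes the column order of the nvidia-smi query named in the lead-in.

# Constructed sample output (not captured from a real host).
SAMPLE_ECC_CSV='0, NVIDIA A100-SXM4-40GB, Enabled, Enabled
1, NVIDIA A100-SXM4-40GB, Disabled, Enabled
2, NVIDIA GeForce RTX 3080, [N/A], [N/A]
3, NVIDIA H100 80GB HBM3, Enabled, Disabled'

# audit_ecc CSV_TEXT
# Prints one line per GPU that needs attention; exit status 0 when every
# GPU has ECC enabled now and pending, 1 otherwise.
audit_ecc() {
    printf '%s\n' "$1" | awk -F', *' '
        NF < 4 { next }                     # skip malformed lines
        $3 ~ /^\[/ {                        # "[N/A]" / "[Not Supported]"
            print "GPU " $1 " (" $2 "): ECC not supported, no ECC mitigation available"
            bad++; next }
        $3 != "Enabled" {                   # ECC currently off
            print "GPU " $1 " (" $2 "): ECC disabled, enable with: nvidia-smi -i " $1 " -e 1"
            bad++; next }
        $4 != "Enabled" {                   # will be off after next reboot
            print "GPU " $1 " (" $2 "): ECC enabled now but pending mode is " $4
            bad++; next }
        END { exit (bad > 0) }'
}

# ecc_status_csv: live nvidia-smi output when the tool is present, else the sample.
ecc_status_csv() {
    if command -v nvidia-smi >/dev/null 2>&1; then
        nvidia-smi --query-gpu=index,name,ecc.mode.current,ecc.mode.pending \
            --format=csv,noheader
    else
        printf '%s\n' "$SAMPLE_ECC_CSV"
    fi
}
```

Run `audit_ecc "$(ecc_status_csv)"` from a cron job or configuration-management check; a non-zero exit means at least one GPU is running without effective ECC.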

Ultimately, this appears to be a serious warning sign for the entire industry. GPUs can no longer be assumed to be “memory-safe” devices. Considering how extensively they are used in AI and cloud services, the implications could be massive.
