08.04.2026
3 min
172
Researchers have introduced a new type of attack called GPUBreach, which shows that a graphics card can be an entry point for a complete system takeover. In some cases, an attacker can elevate privileges to root level and effectively gain control of the entire machine.
Recent research has confirmed that RowHammer attacks have been carried out on modern GPUs, and that the effects may be far worse than what was initially expected. While the damage caused by RowHammer typically results in memory failure, with GPUBreach, and other recent examples of RowHammer-based attacks (GDDRHammer and GeForge), we’re looking at a potential for full privilege escalation, and total control of the target system.
Researchers identified three separate types of attacks; GPUBreach, GDDRHammer, and GeForge. The GPUBreach attack generated the largest amount of buzz, and elevated the risk factor for RowHammer-based attacks to a new high.
In summary, researchers found that an attacker can exploit the classic RowHammer effect to alter bits in the GDDR6 memory located on a video card. Initially, this type of attack was limited to causing memory corruption. Now, however, this method of attack has expanded to include targeting the GPU page tables. These pages represent a key area of the system. As a result of a successful GPUBreach-type of attack, an unprivileged process will receive unrestricted access to GPU memory. Once the unprivileged process gains access to GPU memory, the researcher believes that the attackers will use weaknesses in the NVIDIA drivers to escalate their attack to the kernel level. In many cases, this represents the final step toward gaining full control of the target system — including root access.
According to one of the authors of the research paper, Gururaj Saileshwar from the University of Toronto, when an attacker successfully exploits a vulnerability via GPUBreach or similar methods, they are effectively able to circumvent even the presence of IOMMU. IOMMU is essentially designed to provide memory isolation and prevent unauthorized access to areas of memory that contain sensitive information.
However, instead of attempting to bypass IOMMU protections directly, researchers discovered that the attackers simply altered the states associated with trusted buffer pools that are inherently permitted by the operating system. When this happens, the buffer pool becomes capable of accepting write requests beyond its normal boundaries and into regions that would normally be inaccessible, ultimately allowing the attacker to reach the kernel layer.
Because cloud computing systems increasingly rely upon shared GPUs and similarly, due to the growing reliance upon GPUs within HPC environments and those environments that utilize artificial intelligence (AI) applications, the implications are particularly dire.
For years, RowHammer was seen as a DRAM-related issue. Memory access patterns cause electrical interference that alters bits in adjacent memory cells. To mitigate RowHammer attacks, researchers attempted to employ techniques such as ECC and TRR. Unfortunately, based on recent research findings, none of these efforts offer adequate protection.
Prior to GPUBreach, in 2025, GPUHammer emerged as the first viable and functional attack of this nature specifically targeted at NVIDIA GPUs containing GDDR6 memory. Although GPUHammer had significant impacts on certain memory-intensive workloads (such as reducing accuracy in machine learning models by approximately 80%), it represented merely a “baby-step” compared to GPUBreach.
GPUBreach expands beyond memory access to include additional capabilities, such as:
extracting cryptographic keys from NVIDIA cuPQC,
reducing performance in Machine Learning Models
achieving root-level control over the target system while IOMMU is active
At roughly the same time as GPUBreach appeared in public view, two other attacks emerged: GDDRHammer and GeForge. Like GPUBreach, both of these attacks target GPU page tables and enable both read/write operations to both host system memory and video card memory.
While GDDRHammer operates independently of IOMMU, GeForge does require IOMMU to be disabled prior to exploitation.
GPUBreach appears to be potentially the most destructive variant of these attacks because it provides not just memory access rights but also allows for full escalation of privileges up to the CPU layer.
Currently, there do not appear to be sufficient measures being taken to adequately protect against these attacks. The best current option may involve enabling ECC support on your GPU; however, it is worth noting that RowHammer-related attacks (ECCploit/ECC.fail) have demonstrated ways around this mitigation technique.
Unfortunately, due to cost considerations related to the inclusion of ECC-enabled chips, for most standard consumer-grade GPUs used in laptops/desktops ECC is either unavailable or absent altogether.
