University of Toronto Researchers Demonstrate GPU Rowhammer Attack Leading to Full System Compromise
Researchers at the University of Toronto have unveiled a new GPU-based Rowhammer attack, termed GPUBreach, which can escalate privileges to achieve a full system compromise. This technique exploits memory corruption on modern graphics hardware, allowing attackers to gain root-level access across both GPU and CPU environments. The research, which will be presented at the 47th IEEE Symposium on Security & Privacy in 2026, builds on previous findings of bit flips in GPU memory. GPUBreach specifically targets GPU page tables using Rowhammer-induced bit flips in GDDR6 memory, enabling an unprivileged CUDA kernel to gain arbitrary read and write access to GPU memory. This access can be further exploited to compromise CPU memory by targeting vulnerabilities in the NVIDIA driver, ultimately allowing attackers to spawn a root shell even with protections like the input-output memory management unit (IOMMU) enabled. 
