GPUBreach attack technique uses GPU memory bit-flips to escalate privileges and potentially take full control of a system.New research shows that attacks like GPUBreach exploit RowHammer bit-flips in GPU memory (GDDR6) to go beyond data corruption. Attackers can use this technique to escalate privileges and, in some cases, gain full control of the system. Unlike earlier GPUHammer methods, this approach proves that GPU memory faults can directly impact CPU-level security, making the threat more serious.“GPUBreach shows that GPU Rowhammer attacks can move beyond data corruption to real privilege escalation. By corrupting GPU page tables, an unprivileged CUDA kernel can gain arbitrary GPU memory read/write, and then chain that capability into CPU-side escalation by exploiting newly discovered memory-safety bugs in the NVIDIA driver.” reads the post published by the experts. “The result is system-wide compromise up to a root shell, without disabling IOMMU, unlike contemporary works, making GPUBreach a more potent threat.”By targeting GPU page tables in memory, attackers can manipulate them through bit flips and gain full control over GPU memory.Researchers overcame key challenges by locating page tables, efficiently filling memory, and placing them near vulnerable regions. This enables arbitrary read/write access, data theft (including cryptographic keys), and ML manipulation.“Leakage of secret keys from NVIDIA cuPQC, a library used to accelerate post-quantum cryptography, when keys reside in GPU DRAM during operations such as key exchange.” continues the post. “By tampering with one branch in cuBLAS SASS in GPU memory, we universally drive accuracy down (for example from 80% accuracy to 0%), more stealthily than prior weight tampering attacks; we also showcase leakage of sensitive LLM weights.”Critically, the attack can also escalate to CPU-level privileges, even with protections like input–output memory management unit (IOMMU) enabled, allowing attackers to gain root access and fully compromise the system.GPUBreach, GDDRHammer, and GeForge all show that GPU Rowhammer can corrupt page tables and enable GPU-side privilege escalation. However, GPUBreach stands out because it also achieves CPU privilege escalation even with IOMMU enabled.While GDDRHammer cannot reach CPU privilege escalation and GeForge requires disabling IOMMU, GPUBreach bypasses this protection by targeting bugs in the GPU driver. This allows attackers to gain root access without disabling key defenses, making it a more advanced and dangerous technique.ECC can help mitigate Rowhammer by correcting single-bit errors and detecting double-bit flips, so enabling it on supported GPUs is recommended. However, it fails against multi-bit flips and may allow silent corruption. Consumer GPUs lack ECC, leaving them without effective protection.“ECC is not a foolproof mitigation against GPUBreach.” concludes the researchers. “On desktop or laptop GPUs, where ECC is currently unavailable, there are no known mitigations to our knowledge”Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, newsletter)