GPU Rowhammer Vulnerability (GPUBreach) Enables System Takeover with IOMMU Enabled
What Happened — Researchers from the University of Toronto disclosed a new attack, GPUBreach, that leverages Rowhammer‑induced bit flips in GDDR6 GPU memory to corrupt page tables, grant arbitrary GPU memory access, and then chain into a CPU‑side privilege escalation. The technique works even when the IOMMU is enabled, bypassing a core hardware mitigation.
Why It Matters for TPRM —
- The flaw affects high‑performance GPUs (e.g., NVIDIA RTX A6000) widely used in AI/ML workloads, cloud‑hosted GPU instances, and on‑premise workstations.
- Successful exploitation yields full system compromise, exposing any data processed on the host and potentially allowing lateral movement across tenant boundaries in multi‑tenant cloud environments.
- Existing mitigations (IOMMU, ECC) are insufficient, requiring vendors and customers to reassess hardware‑level security controls.
Who Is Affected — AI/ML service providers, cloud platforms offering GPU instances, research labs, enterprises running GPU‑accelerated workloads, and OEMs that ship NVIDIA RTX A6000 or similar GPUs.
Recommended Actions —
- Inventory all GPU‑enabled assets (on‑premise and cloud) and map them to third‑party contracts.
- Verify that vendors (NVIDIA, cloud providers) have applied the latest driver updates and security notices.
- Deploy additional runtime hardening (e.g., sandboxed CUDA kernels, strict driver signing) and monitor for anomalous GPU memory activity.
- Re‑evaluate reliance on IOMMU as the sole DMA protection for GPU workloads.
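An added example (not from the original brief or from NVIDIA) for the inventory and driver-verification actions above: it parses per-host output of `nvidia-smi --query-gpu=name,driver_version,ecc.mode.current --format=csv,noheader` and flags GPUs matching the model named in this brief and drivers below a baseline. Hostnames, driver versions and the `min_driver` baseline are constructed placeholders; take the real baseline from the vendor's security notice.

```python
import csv
import io

# Constructed sample of per-host nvidia-smi CSV output (name, driver, ECC mode).
# Hostnames and driver versions are made up for illustration.
SAMPLE = {
    "ml-train-01": "NVIDIA RTX A6000, 100.10.01, Disabled\nNVIDIA RTX A6000, 100.10.01, Disabled\n",
    "render-07": "NVIDIA RTX A6000, 100.20.05, Enabled\n",
    "hpc-node-3": "NVIDIA A100-SXM4-40GB, 100.10.01, Enabled\n",
}
WATCHLIST = ("RTX A6000",)  # model named in this brief; extend per vendor notices

def version_tuple(version):
    """Turn '100.10.01' into (100, 10, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))

def parse_smi(host, text):
    """Parse one host's CSV output into one record per GPU."""
    records = []
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        name, driver, ecc = (field.strip() for field in row)
        records.append({"host": host, "model": name, "driver": driver, "ecc": ecc})
    return records

def assess(records, min_driver, watchlist=WATCHLIST):
    """Flag watchlisted models and drivers older than the placeholder baseline.
    ECC state is recorded only; the brief notes ECC is not a sufficient control."""
    baseline = version_tuple(min_driver)
    for rec in records:
        rec["watchlisted"] = any(m.lower() in rec["model"].lower() for m in watchlist)
        rec["driver_below_baseline"] = version_tuple(rec["driver"]) < baseline
    return records

def build_inventory(outputs, min_driver):
    """Merge all hosts into one flat, host-sorted inventory."""
    records = [r for host, text in sorted(outputs.items()) for r in parse_smi(host, text)]
    return assess(records, min_driver)

if __name__ == "__main__":
    for rec in build_inventory(SAMPLE, min_driver="100.20.00"):  # placeholder baseline
        print(rec)
```

The resulting records can be joined to contract or asset-owner data by hostname to map each flagged GPU to the responsible third party.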
Technical Notes — GPUBreach abuses Rowhammer on GDDR6 memory to flip bits in GPU page‑table entries (PTEs). An unprivileged CUDA kernel gains arbitrary GPU memory read/write, which is then leveraged to exploit newly discovered memory‑safety bugs in the NVIDIA driver, achieving root‑level code execution on the host CPU. The attack does not require disabling IOMMU, making it more potent than prior GPU‑based Rowhammer exploits.
Source: BleepingComputer