SeriesFusion
Science, curated & edited by AI

A standard GPU can be tricked into flipping bits in its own memory to grant a regular user full root access to the entire computer.

System security usually relies on the assumption that graphics cards are isolated from the core operating system kernel. This attack uses the Rowhammer phenomenon to bypass memory protections specifically within the GPU hardware. By manipulating these memory bits, an unprivileged attacker can read data from other processes and eventually take control of the host CPU. Most cloud providers and shared computing environments assume hardware-level isolation is a given. This discovery proves that a physical flaw in graphics hardware can collapse the digital walls between users. Securing a machine now requires looking past the processor and into the silicon of every peripheral.

Original Paper

GPUBreach: Privilege Escalation Attacks on GPUs using Rowhammer

Chris S. Lin, Yuqin Yan, Guozhen Ding, Joyce Qu, Joseph Zhu, David Lie, Gururaj Saileshwar

arXiv  ·  2605.03812

NVIDIA GPUs with GDDR memories have been shown susceptible to Rowhammer-based bit-flips, similar to CPUs. However, Rowhammer exploits on GPUs have been limited to injecting untargeted bit-flips in victim data like weights of machine learning models, to degrade model accuracy, unlike CPU exploits shown capable of privilege escalation. In this paper, we demonstrate that GPU Rowhammer exploits can be as potent as CPU Rowhammer attacks. By exploiting the GPU page table management to identify when an