Keypoints
- GPUBreach induces Rowhammer bit flips in GDDR6 to corrupt GPU page tables (PTEs).
- An unprivileged CUDA kernel can gain arbitrary GPU memory read/write after PTE corruption.
- Attackers can chain GPU access to CPU-side escalation by exploiting NVIDIA driver memory-safety bugs, enabling full system compromise.
- An IOMMU does not stop GPUBreach, and consumer GPUs without ECC are effectively unmitigated against multi-bit flips.
- Researchers from the University of Toronto disclosed the issue to NVIDIA, Google, AWS, and Microsoft and will publish a paper and reproduction package at IEEE S&P on April 13.