
GPUBreach Attack Exploits GPU Memory Flaw for Full System Takeover
University of Toronto researchers demonstrate how Rowhammer-style bit flips in GDDR6 memory can escalate to root-level access on NVIDIA GPUs.
A team of researchers at the University of Toronto has demonstrated a new attack called GPUBreach that can induce Rowhammer-style bit flips in GPU GDDR6 memory to escalate privileges and achieve full system compromise. The findings will be presented at the IEEE Symposium on Security and Privacy on April 13 in Oakland.
How It Works
The attack exploits a fundamental vulnerability in GDDR6 memory. Rowhammer-induced bit flips can corrupt GPU page tables, granting arbitrary GPU memory read and write access to an unprivileged CUDA kernel. An attacker can then chain this into a CPU-side privilege escalation by targeting memory-safety bugs in the NVIDIA driver.
What makes GPUBreach particularly concerning is that it bypasses Input-Output Memory Management Unit (IOMMU) protection — a key security boundary that separates GPU and CPU memory spaces. Previous attacks like GDDRHammer could not reach CPU privilege escalation, and GeForge required disabling IOMMU entirely. GPUBreach circumvents this protection by targeting bugs in the GPU driver itself.
Impact on AI Infrastructure
The researchers demonstrated the attack on an NVIDIA RTX A6000 GPU with GDDR6 memory — a model widely deployed in AI development and training workloads. This makes the vulnerability particularly relevant for organizations running shared GPU infrastructure for machine learning, where multiple tenants may share access to the same physical hardware.
The researchers emphasized that GPUBreach is "completely unmitigated" for consumer GPUs that lack error-correcting code (ECC) memory. Enterprise GPUs with ECC provide some protection, but the driver-level vulnerabilities remain a concern across the product line.
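A fleet check that follows from the ECC point above, as an added example that is not from the researchers or NVIDIA: it classifies each GPU by ECC state using real `nvidia-smi` query fields. The sample output and status labels are constructed, and treating a non-zero corrected-error count as worth investigating is an assumption of this example.

```python
import csv
import io
import subprocess

# Real nvidia-smi query fields; the command is only executed by live_report().
QUERY = "index,name,ecc.mode.current,ecc.mode.pending,ecc.errors.corrected.volatile.total"
CMD = ["nvidia-smi", f"--query-gpu={QUERY}", "--format=csv,noheader"]

# Constructed sample output (not captured from a real host).
SAMPLE = """\
0, NVIDIA RTX A6000, Disabled, Disabled, [N/A]
1, NVIDIA RTX A6000, Disabled, Enabled, [N/A]
2, NVIDIA RTX A6000, Enabled, Enabled, 37
3, Example consumer GPU, [N/A], [N/A], [N/A]
4, NVIDIA RTX A6000, Enabled, Enabled, 0
"""

def classify(text):
    """Return {gpu_index: (name, status)} from nvidia-smi CSV text."""
    report = {}
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        idx, name, current, pending, corrected = (f.strip() for f in row)
        if "N/A" in current:
            status = "no-ecc"  # ECC mode is not reported for this GPU
        elif current != "Enabled":
            # A pending ECC mode only becomes current after the next reboot.
            status = "ecc-pending-reboot" if pending == "Enabled" else "ecc-off"
        elif corrected.isdigit() and int(corrected) > 0:
            status = "ecc-on-corrected-errors"  # correlate with tenant workloads
        else:
            status = "ecc-on"
        report[int(idx)] = (name, status)
    return report

def exposed(report):
    """GPU indices that currently run without ECC protection."""
    return sorted(i for i, (_, s) in report.items() if not s.startswith("ecc-on"))

def live_report():
    """Run nvidia-smi on this host (requires the NVIDIA driver)."""
    out = subprocess.run(CMD, capture_output=True, text=True, check=True).stdout
    return classify(out)

if __name__ == "__main__":
    for idx, (name, status) in sorted(classify(SAMPLE).items()):
        print(f"GPU {idx}: {name}: {status}")
```

An `ecc-on` result covers only the memory-level part of the chain; the article notes that the driver-level vulnerabilities remain a concern regardless of ECC.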
Implications for GPU Security
The disclosure highlights a growing attack surface in GPU computing that has received relatively little security scrutiny compared to CPU vulnerabilities. As GPUs become central to AI infrastructure, the security of GPU memory, drivers, and management layers is becoming a critical concern.
NVIDIA has been notified of the findings. The company has not yet issued a public response or timeline for a patch addressing the underlying driver vulnerabilities.


