GPUBreach exploits Rowhammer vulnerabilities in GPU GDDR6 memory

Security researchers unveiled GPUBreach on April 6, 2026, a sophisticated attack technique that exploits Rowhammer vulnerabilities in GPU GDDR6 memory to achieve privilege escalation.

Key takeaways:

• PoC demonstrated by security researchers where the attack was induced by bit-flips in graphics memory to break security boundaries between user and kernel space.
• For attackers the key target was Modern graphics cards with GDDR6 memory modules. This information was enough to understand that by repeatedly accessing specific memory rows in GDDR6 modules at high frequency can cause electrical interference, corrupting adjacent memory cells.
• Rowhammer attacks is known to target system RAM but in this GPU Breach the attackers were speciifc and focused on the graphics subsystem knowing memory protections are not concrete.
• Researchers identified how attackers carefully timed the memory access patterns through GPU compute shaders, attackers can reliably trigger bit-flips in targeted memory locations

Threats & Learnings from the GPUBreach

RowHammer is a long-standing Dynamic Random-Access Memory (DRAM)

For researchers the GPUBreach is particularly concerning as attackers can operate from unprivileged user space through standard graphics APIs and doesn’t require administrative access or specialized hardware knowledge.

Further the module of attack can be embedded in malicious web content, games, or GPU-accelerated applications without triggering traditional security monitoring systems.

Security research team tested GPUBreach across multiple GPU architectures and found results were similar on all tabs from major manufacturers.

They found if abused, the attack remains effective under shared GPU memory architectures where graphics memory directly interfaces with system memory through unified memory addressing schemes.

Until recently such attacks had been restricted to CPUs and traditional CPU-based memory, now GPUs in operation they unleash a critical role in AI and ML workloads, Rowhammer-style attack targeting the memory of GPU.

This was found by a team from the University of Toronto last year who successfully demonstrated a Rowhammer-style attack targeting the memory of an Nvidia GPU. 

Cloud environments are under risks from such attacks as multiple users share the same physical GPU including enterprise environments face increased risk due to the pervasiveness of GPU computing in machine learning, cryptocurrency mining and computing.

GPUBreach extends this approach to corrupt GPU page tables with RowHammer and achieve privilege escalation, resulting in arbitrary command to read/write on GPU memory.

Attack Technique

• The attackers know well in advance that such kind of attack require no access for physical or confined hardware access to target any system.
• The attack leverages the high-bandwidth nature of GDDR6 memory, operating at speed that goes up to 16 Gbps per pin.
• Researchers found that specific access patterns could amplify this interference to the point where bit-flips occur predictably within 30 seconds of sustained access.

Threat Mitigation

Detection strategies should focus on monitoring GPU memory access patterns and system call anomalies that indicate privilege escalation attempts.

Security teams should implement logging for unusual GPU compute shader compilation and execution, particularly shaders that perform repetitive memory access without corresponding visual output.

The Microsoft Security Response Center recommends enabling enhanced GPU security features available in Windows 11 22H2 and later versions.

Sources: GPUBreach Attack Exploits GDDR6 Memory Rowhammer Flaws