"GPUBreach" is a Rowhammer attack targeting GDDR6-based NVIDIA GPUs that can bypass the IOMMU.

New "GPUBreach" Attack Bypasses IOMMU Protections on NVIDIA GDDR6 GPUs

Recent research from the University of Toronto has uncovered a significant security vulnerability affecting NVIDIA GPUs equipped with GDDR6 memory. The newly identified attack, named "GPUBreach," enables privilege escalation on the CPU side by exploiting weaknesses in GPU drivers, even when standard security measures like IOMMU are enabled.

Understanding IOMMU and Previous GPU Rowhammer Attacks

The Input-Output Memory Management Unit (IOMMU) is a critical security feature in modern servers, workstations, and PCs. It restricts the memory regions that GPUs can access, effectively blocking direct memory access (DMA) attacks. Previous rowhammer-style exploits, such as "GDDRHammer" and "GeForge," relied on manipulating memory through DMA, which IOMMU is designed to prevent.

How GPUBreach Works

Unlike earlier attacks, GPUBreach targets vulnerabilities within the GPU driver itself. When IOMMU is active, the GPU's access is limited to specific driver-assigned memory buffers. GPUBreach manipulates metadata within these allowed buffers, causing the trusted GPU driver—operating with kernel-level privileges—to perform unauthorized memory writes. This out-of-band write operation bypasses IOMMU protections, as the exploit leverages the driver's elevated trust and access within the operating system.

The result is a full root privilege escalation, granting attackers extensive control over the host system. This method marks a significant departure from traditional rowhammer attacks, which were largely mitigated by IOMMU.

Disclosure and Impact

The University of Toronto researchers responsibly disclosed the GPUBreach vulnerability to NVIDIA in November 2025, as well as to major cloud providers including Google, AWS, and Microsoft. While newer NVIDIA GPUs featuring GDDR7 and HBM3/HBM4 memory are not affected by this exploit, older models with GDDR6 remain at risk.

Mitigation and Future Outlook

Error-Correcting Code (ECC) memory can mitigate some GDDR6-based bit flips, but it does not provide complete immunity. Modern DRAM technologies such as DDR4, DDR5, LPDDR5, HBM3, and GDDR7 incorporate On-Die ECC (OD-ECC), which offers additional protection against rowhammer-style attacks. However, systems using GDDR6-based NVIDIA GPUs should remain vigilant and monitor for upcoming security updates from NVIDIA.

Maya Stein Maya is a tech journalist who specializes in PC hardware and semiconductor industry trends. When she’s not writing, she’s building custom PCs and testing the latest peripherals.