Researchers Demonstrate GPU Privilege Escalation via Rowhammer, Bypassing IOMMU Protections
Key Takeaways
- ▸GPU Rowhammer attacks can achieve full privilege escalation to root shell, not just data corruption, by targeting GPU page tables in GDDR6 memory
- ▸The attack chains GPU-side compromise into CPU-side root access by exploiting memory-safety vulnerabilities in the NVIDIA kernel driver
- ▸Unlike concurrent research, GPUBreach succeeds with IOMMU protections enabled, making it applicable to real-world hardened systems following security best practices
Summary
University of Toronto researchers have discovered a critical vulnerability in NVIDIA GPUs that enables privilege escalation attacks through Rowhammer exploitation of GPU memory. The attack, called GPUBreach, demonstrates how bit-flips in GDDR6 memory can corrupt GPU page tables, allowing unprivileged CUDA kernels to gain arbitrary GPU memory read/write access. The research goes further than previous GPU Rowhammer work by chaining the GPU-side exploit into CPU-side root privilege escalation by exploiting memory-safety bugs in the NVIDIA driver—all while IOMMU protections remain enabled, a scenario considered more realistic than concurrent research.
The attack chain involves three key steps: corrupting GPU page tables through targeted Rowhammer bit-flips, leveraging the compromise to gain arbitrary GPU memory access, and then exploiting NVIDIA driver vulnerabilities to escalate privileges to the CPU kernel level. The researchers demonstrated the attack on NVIDIA RTX A6000 GPUs and showed practical exploitation scenarios including extraction of post-quantum cryptography keys from NVIDIA's cuPQC library, stealthy manipulation of machine learning models in cuBLAS, and spawning of root shells. The research is particularly significant because it works with IOMMU enabled—the recommended security configuration—unlike concurrent work by other institutions, making it a more potent and realistic threat to production systems.
- Demonstrated attack scenarios include stealing post-quantum cryptography keys, stealthy ML model manipulation, and arbitrary CPU/GPU memory access across processes
Editorial Opinion
GPUBreach represents a significant escalation in GPU security threats, demonstrating that hardware-level vulnerabilities like Rowhammer can have system-wide implications beyond what was previously understood. The ability to achieve CPU privilege escalation while IOMMU protections remain active is particularly concerning, as it undermines a fundamental assumption of GPU security architecture. This research underscores the urgent need for both hardware manufacturers and software developers to address memory-safety vulnerabilities in GPU drivers and consider additional mitigation strategies for Rowhammer attacks at the GPU level.
