GPUBreach Attack: GPU Rowhammer Leads to Full System Compromise
Researchers have unveiled a novel attack dubbed GPUBreach, capable of leveraging Rowhammer bit-flips on GPU GDDR6 memory to achieve privilege escalation and, ultimately, complete system takeover. This isn't just about corrupting data; GPUBreach targets GPU page table entries (PTEs) to grant an unprivileged CUDA kernel arbitrary read/write access to GPU memory. According to the researchers, this capability can then be chained with exploits for memory-safety bugs found in NVIDIA drivers, potentially leading to a root shell on the CPU.
What's particularly concerning is that GPUBreach can bypass Input-Output Memory Management Unit (IOMMU) protections, a hardware safeguard typically effective against direct memory access (DMA) attacks. The University of Toronto team, who developed the exploit, will present their findings at the IEEE Symposium on Security & Privacy. They emphasize that GPUBreach represents a significant advancement, moving GPU Rowhammer attacks from mere data corruption to potent privilege escalation, even when IOMMU is active.
What This Means For You
- Security teams should prioritize patching NVIDIA drivers and closely monitor for unusual GPU memory access patterns, as GPUBreach demonstrates a viable attack path bypassing traditional DMA protections.