{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/rowhammer/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["rowhammer","privilege-escalation","gpu","cloud"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA team of researchers from the University of Toronto has discovered a new Rowhammer attack named GPUBreach, which exploits GDDR6 memory in Nvidia GPUs. This attack induces bit flips that corrupt GPU page tables. In combination with existing memory-safety bugs in Nvidia drivers, GPUBreach enables arbitrary read-write access to memory. This ultimately leads to CPU-side privilege escalation, resulting in a root shell and full system compromise. This poses a significant threat to cloud environments, where multiple users share the same physical GPU. The researchers reported their findings to Nvidia in November 2025. Google awarded a $600 bounty for the vulnerability discovery.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains code execution privileges on a GPU within a shared environment (e.g., cloud).\u003c/li\u003e\n\u003cli\u003eAttacker utilizes the GPUBreach technique to repeatedly access (\u0026ldquo;hammer\u0026rdquo;) a specific row of GDDR6 memory cells on the GPU.\u003c/li\u003e\n\u003cli\u003eThis \u0026ldquo;hammering\u0026rdquo; generates electrical interference, causing bit flips in neighboring memory regions.\u003c/li\u003e\n\u003cli\u003eThe induced bit flips corrupt GPU page tables, granting arbitrary read-write access to memory.\u003c/li\u003e\n\u003cli\u003eAttacker exploits memory-safety bugs in Nvidia drivers.\u003c/li\u003e\n\u003cli\u003eThis leads to CPU-side privilege escalation by exploiting the corrupted memory access.\u003c/li\u003e\n\u003cli\u003eAttacker gains root shell privileges on the compromised system.\u003c/li\u003e\n\u003cli\u003eAttacker achieves full system compromise, potentially leading to unauthorized data access, data corruption, or breaches of memory isolation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe GPUBreach attack allows for privilege escalation from a user with GPU access to root on a shared system. This compromises the confidentiality, integrity, and availability of the entire system, especially in cloud environments where multiple users share physical GPUs. Successful exploitation can lead to unauthorized data access, data corruption, breaches of memory isolation, and potentially complete control over the compromised system. Google awarded a $600 bounty highlighting the significance of this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnable ECC on server and workstation GPUs (e.g., RTX A6000) as per the Nvidia security notice to mitigate single-bit flips, although this is not a foolproof mitigation as the attack can induce more than two bit flips.\u003c/li\u003e\n\u003cli\u003eMonitor GPU resource usage for unusual memory access patterns indicative of Rowhammer attacks using the detection rule for \u003ccode\u003eGPU Memory Hammering Detection\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor for suspicious processes utilizing the GPU in conjunction with privilege escalation attempts as detected by the \u003ccode\u003eSuspicious GPU Privilege Escalation\u003c/code\u003e Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-07T11:31:38Z","date_published":"2026-04-07T11:31:38Z","id":"/briefs/2026-04-gpubreach-rowhammer/","summary":"GPUBreach is a novel Rowhammer attack targeting GPUs, allowing privilege escalation to root shell by inducing bit flips in GDDR6 memory and exploiting memory-safety bugs in Nvidia drivers, posing a significant risk to shared cloud environments.","title":"GPUBreach: GPU Rowhammer Attack for Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-04-gpubreach-rowhammer/"}],"language":"en","title":"CraftedSignal Threat Feed — Rowhammer","version":"https://jsonfeed.org/version/1.1"}