A new method of attacking NVIDIA graphics cards has emerged, one that sidesteps a key defense mechanism used to shield systems from memory-based exploits. Dubbed GPUBreach, the attack leverages a flaw in how GDDR6-based GPUs interact with system memory, even when Input-Output Memory Management Unit (IOMMU) protections are active.
Unlike previous rowhammer-style attacks that relied on direct memory access, GPUBreach focuses on corrupting metadata within the buffers assigned to GPU drivers. This corruption triggers out-of-band writes by the driver, which operates with kernel-level privileges on the host CPU. Because IOMMU typically restricts the GPU’s access to system memory, this approach allows an attacker to manipulate data that the driver is permitted to touch—effectively bypassing the protection entirely.
The attack was first disclosed to NVIDIA and major cloud providers in November 2025, but details only recently became public. Researchers at the University of Toronto demonstrated that GPUBreach can grant an attacker full root-level access on the system, a significant escalation compared to earlier rowhammer attacks.
Current mitigations, such as enabling IOMMU in BIOS settings, do not fully protect against this exploit. While ECC memory can help reduce the likelihood of bit flips in GDDR6, it is not a complete safeguard. The situation contrasts sharply with newer GPUs that use GDDR7 or HBM3/HBM4 memory, which incorporate On-Die ECC (OD-ECC) and are immune to this type of attack.
For users running older NVIDIA GPUs—particularly those in the RTX 50 series—this exploit introduces a new layer of risk. Systems relying on DDR4, LPDDR5, or GDDR7 memory already benefit from OD-ECC, which provides indirect protection against rowhammer-style attacks. However, GDDR6-based cards remain vulnerable unless NVIDIA issues a targeted security update.
Operational costs for affected systems could rise if additional security measures are required, though the immediate impact on most users is expected to be limited. The attack remains niche and does not affect newer hardware, but it serves as a reminder of the evolving landscape of memory-based exploits in computing.
