GPUBreach attack allows root access via CUDA code execution on NVIDIA GPUs

A team of researchers from the University of Toronto has developed the GPUBreach attack, which, like the recently announced GDDRHammer and GeForge attacks, uses the RowHammer technique to flip bits in GDDR video memory and corrupt the GPU memory page table. GPUBreach gives root access to the main system environment by executing an unprivileged CUDA kernel on an NVIDIA GPU.

A unique feature of the attack is that it works with the IOMMU enabled. To bypass the IOMMU, the attack corrupts the state of NVIDIA's proprietary kernel driver and triggers a buffer overflow that overwrites the contents of kernel structures. The researchers also demonstrate the attack extracting encryption keys from GPU memory used by the cuPQC library, which accelerates cryptographic computations by offloading them to the GPU.

Source: opennet.ru
