🤖 AI Summary
Existing GPU-based Rowhammer attacks induce only non-targeted bit flips, rendering them ineffective for breaching process isolation or achieving privilege escalation. This work presents the first targeted Rowhammer attack against GPU page tables: by precisely monitoring the timing and location of page table allocations and combining CUDA kernel-triggered memory accesses with controlled GDDR bit flips, the method enables deliberate corruption of GPU page table entries. This bypasses IOMMU protections and facilitates cross-process and even cross-device privilege escalation. The attack successfully leaks cuPQC cryptographic keys, modifies GPU assembly code, and achieves a root shell on a single-tenant system, thereby demonstrating for the first time the feasibility of end-to-end system control from GPU to CPU and substantially expanding the threat landscape of Rowhammer in heterogeneous computing environments.
📝 Abstract
NVIDIA GPUs with GDDR memories have been shown to be susceptible to Rowhammer-based bit-flips, similar to CPUs. However, Rowhammer exploits on GPUs have been limited to injecting untargeted bit-flips in victim data like weights of machine learning models, to degrade model accuracy, unlike CPU exploits shown capable of privilege escalation. In this paper, we demonstrate that GPU Rowhammer exploits can be as potent as CPU Rowhammer attacks. By exploiting the GPU page table management to identify when and where new page tables are allocated, we enable an unprivileged user CUDA kernel of one process to use Rowhammer bit-flips to gain access to the GPU memory of other processes or co-tenants via targeted tampering of such page-tables resident on the GPU memory. Using this newly found primitive, we demonstrate the first GPU-side privilege escalation attacks, leaking secret data such as cryptographic keys from cuPQC libraries, and even tampering with the model's GPU assembly code to degrade models more stealthily than previous attacks. We further demonstrate that GPU-side privilege escalation can lead to CPU-side privilege escalation, defeating the protections provided by the IOMMU, enabling a malicious user-level program with GPU access to gain a root shell and system-wide control, even in a non-multi-tenant setting.