If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems
Recently, Trail of Bits researchers (a security firm) they made known through a blog post They detected a problem in AMD, Apple, Qualcomm and Imagination GPUs, which makes it possible for someone to obtain data from the graphics card's memory, even if it was created by a different program.
Named LeftoverLocals, This vulnerability affects to graphics processing units and with which an attacker can steal a significant amount of data.
About LeftoverLocals
Already cataloged under "CVE-2023-4969" and with a score of "8", they make LeftoverLocals, is an extremely dangerous vulnerability, as allows recovery of data from local memory of the GPU, which persist after another process has been executed and could contain sensitive information.
What makes LeftoverLocals a dangerous vulnerability is that affects a variety of widely used devices, many of which remained unpatched and that can be exploited in multi-user environments, where drivers for different users run on the same GPU, plus it could be exploited by malware to monitor the activity of processes running on the GPU, identifying data processed by the GPU kernel.
LeftoverLocals arises due to insufficient isolation of GPU local memory and inability to clear said memory after the execution of processes on the GPU. This allows a malicious process to identify residual data in local memory after another process has run or read data from a currently running process.
It is mentioned that, The essence of LeftoverLocals lies in local memory on a GPU that acts as a cache to store intermediate calculations and can vary in size from tens of kilobytes to several megabytes for each computing unit. The attack involves running a driver (kernel) on the GPU that periodically copies the contents of available local memory to global memory (VRAM). Since local memory is not cleared when switching between processors on the GPU and is shared between different processes within the same GPU computing unit, it may contain residual data from other processes.
In order to test the vulnerability, Trail of Bits researchers have developed some exploit prototypes for different GPUs, using OpenCL, Vulkan and Metal APIs to access the GPU. Although carrying out an attack from a browser via WebGPU is difficult due to the dynamic array boundary checks added by WebGPU, researchers have demonstrated how the vulnerability can be used to determine output data from other users and create communication channels. hidden between different processes.
In addition, it is mentioned that the amount of data filtered depends on the specific frame of the GPU and the size of its local memory. For example, the relatively large AMD Radeon RX 7900 XT loses about 5.5 MB or about 181 MB per LLM query, according to the researchers.
As GPUs are increasingly used to accelerate AI and machine learning applications, researchers warned that flaws like LeftoverLocals could become a major target.
"Overall, the introduction of machine learning raises new attack surfaces that traditional threat models do not take into account and that can lead to implicit and explicit access to data, model parameters or resulting results, increasing the overall attack surface of the system," the report states. the researchers wrote.
Trail of Bits noted that fixes have been implemented for this vulnerability on some Apple devices, and a driver update from AMD is expected in March, for its part Qualcomm has reported that it has fixed the issue for the Adreno a630 GPU in firmware update 2.07, while Imagination has provided a fix in the new DDK 23.3 released in December.
On the other hand, it is mentioned that NVIDIA, Intel and ARM GPUs are not affected. In Mesa's open source OpenCL drivers for AMD GPUs, memory is cleared after each kernel boot, but this method is considered inefficient in some cases.
Finally yes you are interested in knowing more about it, you can check the details in the following link