A new security vulnerability called LeftoverLocals affects GPUs made by some of the leading names, like AMD, Apple, and Qualcomm. It enables data theft from the GPU's memory irrespective of the form factor and operating system. The flaw was discovered by the researchers at 'Trail of Bits.' Since these GPUs are used in a wide range of smartphones, tablets, notebooks, PCs, and purpose-built servers, the vulnerability leaves a wide range of computing devices at risk.
PCs and servers are designed to allow multiple users to share system processing resources without being able to access each other's data. However, the LeftoverLocals vulnerability negates that protection and infiltrates other users' data via the GPU's memory. Once the attacker has access to the device with a vulnerable GPU, the attacker can access its memory and read its data, as it contains residual data even after a particular execution is complete.
The group posted its findings and a proof of concept using an open-source LLM program, Llama.cpp, to access data from another system, showing data within seconds after it was prepared and stored in the graphics processor's memory. Once the attacker has access to the system, the exploit uses less than ten lines of code.
The researchers tested 11 GPUs made by different vendors for different platforms. Impacted GPUs include the AMD Radeon RX 7900 XT and Apple's GPUs in the iPhone 12 Pro and M2 Macbook Air. The group confirmed that the latest iPhone 15 variants do not appear to be affected.
Based on extensive research, the group found GPUs made by AMD, Apple, and Qualcomm are vulnerable to this attack. Researchers could not find flaws in Intel, Nvidia, Arm, or Imagination GPUs. The research group disclosed this security risk to the US-CERT Coordination Center and the Khronos Group.
Acknowledgement by GPU Vendors
AMD, Apple, and Qualcomm have now acknowledged the issue. Apple made a patch available for the affected Apple A17 and M3 series processors on January 10. However, Apple hasn't clarified the situation with other impacted devices yet, like the Apple MacBook Air 3rd Generation with its A12 processor. Qualcomm also rolled out a new firmware (v2.07) to patch some of its devices.
AMD posted a security bulletin marking the severity of the issue as 'medium.' The chipmaker listed all the affected CPUs with on-chip graphics, discrete graphics cards, and data center GPUs. AMD says it plans to create a new mode that prevents processes from running in parallel on the GPU's memory and clears the VRAM between processes. This mitigation process won't arrive until March 2024.
