Three of the biggest names in the industry—AMD, Apple, and Qualcomm—made GPUs that have a significant security flaw. According to the name of the bug, LeftoverLocals, attackers can use the GPU’s memory to steal information from a lot of different computers.
How the Vulnerability Works
What does LeftoverLocals mean? LeftoverLocals is a security hole in the memory of GPUs that are used in many devices, such as smartphones, tablets, laptops, PCs, and custom-built servers.
What Does It Do? There is still information in the GPU’s memory even after a processing job is finished. This oAttackers can access other people’s information by using this outdated data.
devices are: A lot of different kinds of computers are vulnerable to this bug, from game PCs to servers. GPUs made by Apple, AMD, and Qualcomm are especially at risk.
Proof Proof of Concept: Using the open-source tool Llama.cpp, researchers at “Trail of Bits” demonstrated the flaw.got to data from another server in a matter of seconds, showing how bad the problem was.
Effects on GPUs
This flaw affects a number of GPUs, such as
Radeon RX 7900 XT from AMD
The iPhone 12 Pro and M2 MacBook Air both have Apple GPUs.
GPUs from Qualcomm
Notably, this attack doesn’t seem to work on the newest versions of the iPhone 15. But a lot of study shows that GPUs from Apple, AMD, and Qualcomm are all vulnerable.
Answers from Vendors
Apple: On January 10, the company quickly released a patch for Apple A17 and M3 series computers that were impacted. But it’s still not clear what will happen with other affected devices, like the Apple MacBook Air 3rd Generation with its A12 chip.
Qualcomm: Qualcomm fixed the flaw in some of its devices by releasing new software (v2.07).
AMD: AMD agreed that there was a problem and rated its seriousness as “medium.” The chipmaker wants to make a new mode that clears the VRAM between processes and stops processes from running in parallel on the GPU’s memory.
In conclusion
The LeftoverLocals flaw shows how important it is for GPU designers to use strong security techniques. As technology changes, companies that make products must stay alert to keep user info safe and stop people from getting in without permission.
Read the whole thing on Tom’s Hardware1 for more information.