GPU Memory Leaks

Published: 2024-01-16
Source: amd.com (www.amd.com)

CVSS3: 6.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

| Metric | Value |
| --- | --- |
| Attack Vector | LOCAL |
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | NONE |

AI Score: 6.2 (Confidence: High)

EPSS: 0.001 (Percentile: 28.6%)

Bulletin ID: AMD-SB-6010
**Potential Impact:** Data leakage
Severity: Medium

Summary

Researchers from Trail of Bits reported a potential vulnerability, titled “LeftoverLocals.” According to their research, a compromised GPU kernel could potentially read local memory values from another kernel.

CVE Details

Refer to Glossary for explanation of terms

| CVE | Severity | CVE Description |
| --- | --- | --- |
| CVE-2023-4969 | Medium | Insufficient clearing of GPU memory could allow a compromised GPU kernel to read local memory values from another kernel across user or application boundaries leading to loss of confidentiality. |

Mitigation

AMD plans to create a new mode that prevents processes from running in parallel on the GPU and clears local memory between processes on supported products. This mode would be designed to be set by an administrator and not enabled by default. Supporting documentation for the new mode, along with details of how to update AMD products, will be provided in a future update to this security bulletin.

AMD started rolling out mitigation options in May 2024 through applicable driver updates.

2024-05-07 Update:
AMD recommends updating to the latest driver version as indicated below for your product.

Data Center Graphics

| Product | Inter-VM Mitigation | Bare Metal/Intra-VM Mitigation |
| --- | --- | --- |
| AMD Radeon™ Instinct™ MI50<br>AMD Instinct™ MI100 | N/A | Bare metal/guest driver release TBD |
| AMD Instinct™ MI210 | Host driver update release TBD | Bare metal/guest driver release targeted for October 2024 |
| AMD Instinct™ MI250 | N/A | Bare metal/guest driver release targeted for October 2024 |
| AMD Instinct™ MI300A | N/A | Bare metal/guest driver release targeted for August 2024 |
| AMD Instinct™ MI300X | Host driver update released May 2024 | Bare metal/guest driver release targeted for August 2024 |
| AMD Radeon™ Instinct™ MI25<br>AMD Radeon™ PRO V520<br>AMD Radeon™ PRO V620 | Contact your AMD Customer Engineering representative. | Contact your AMD Customer Engineering representative. |

AMD Radeon™ Graphics

| Product | Mitigation |
| --- | --- |
| AMD Radeon™ RX 5000 Series Graphics Cards<br>AMD Radeon™ RX 6000 Series Graphics Cards<br>AMD Radeon™ RX 7000 Series Graphics Cards<br>AMD Radeon™ RX Vega Series Graphics Cards<br>AMD Radeon™ VII | AMD Software: Adrenalin Edition 24.x.y release TBD |
| AMD Radeon™ PRO W5000 Series Graphics Cards<br>AMD Radeon™ PRO W6000 Series Graphics Cards<br>AMD Radeon™ PRO W7000 Series Graphics Cards<br>AMD Radeon™ RX PRO Vega Series Graphics Cards<br>AMD Radeon™ PRO VII | AMD Software: PRO Edition 24.x.y release TBD |

Client Processors

| Product | Mitigation |
| --- | --- |
| AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics<br>AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics<br>AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics<br>AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics<br>AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics<br>AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics<br>AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics<br>AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics<br>AMD Ryzen™ 7000 Series Desktop Processors<br>AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics<br>AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics<br>AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics<br>AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics<br>AMD Ryzen™ 7045 Series Mobile Processors<br>AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics | AMD Software: Adrenalin Edition 24.x.y release TBD or AMD Software: PRO Edition 24.x.y release TBD |
