CVSS3
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
AI Score confidence: High
EPSS percentile: 28.6%
Bulletin ID: AMD-SB-6010
Potential Impact: Data leakage
Severity: Medium
Researchers from Trail of Bits reported a potential vulnerability, titled “LeftoverLocals.” According to their research, a compromised GPU kernel could potentially read local memory values from another kernel.
Refer to Glossary for explanation of terms
CVE | Severity | CVE Description |
---|---|---|
CVE-2023-4969 | Medium | Insufficient clearing of GPU memory could allow a compromised GPU kernel to read local memory values from another kernel across user or application boundaries leading to loss of confidentiality. |
AMD plans to create a new mode that prevents processes from running in parallel on the GPU and clears local memory between processes on supported products. This mode would be designed to be set by an administrator and not enabled by default. Supporting documentation for the new mode, along with details of how to update AMD products, will be provided in a future update to this security bulletin.
AMD started rolling out mitigation options in May 2024 through applicable driver updates.
2024-05-07 Update:
AMD recommends updating to the latest driver version as indicated below for your product.
Data Center Graphics
Product | Inter-VM Mitigation | Bare Metal/Intra-VM Mitigation |
---|---|---|
AMD Radeon™ Instinct™ MI50 | | |
AMD Instinct™ MI100 | N/A | Bare metal/guest driver release TBD |
AMD Instinct™ MI210 | Host driver update release TBD | Bare metal/guest driver release targeted for October 2024 |
AMD Instinct™ MI250 | N/A | Bare metal/guest driver release targeted for October 2024 |
AMD Instinct™ MI300A | N/A | Bare metal/guest driver release targeted for August 2024 |
AMD Instinct™ MI300X | Host driver update released May 2024 | Bare metal/guest driver release targeted for August 2024 |
AMD Radeon™ Instinct™ MI25 | | |
AMD Radeon™ PRO V520 | | |
AMD Radeon™ PRO V620 | Contact your AMD Customer Engineering representative. | Contact your AMD Customer Engineering representative. |
AMD Radeon™ Graphics
Product | Mitigation |
---|---|
AMD Radeon™ RX 5000 Series Graphics Cards | |
AMD Radeon™ RX 6000 Series Graphics Cards | |
AMD Radeon™ RX 7000 Series Graphics Cards | |
AMD Radeon™ RX Vega Series Graphics Cards | |
AMD Radeon™ VII | AMD Software: Adrenalin Edition 24.x.y release TBD |
AMD Radeon™ PRO W5000 Series Graphics Cards | |
AMD Radeon™ PRO W6000 Series Graphics Cards | |
AMD Radeon™ PRO W7000 Series Graphics Cards | |
AMD Radeon™ RX PRO Vega Series Graphics Cards | |
AMD Radeon™ PRO VII | AMD Software: PRO Edition 24.x.y release TBD |
Client Processors
Product | Mitigation |
---|---|
AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics | |
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics | |
AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics | |
AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics | |
AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics | |
AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics | |
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics | |
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics | |
AMD Ryzen™ 7000 Series Desktop Processors | |
AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics | |
AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics | |
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics | |
AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics | |
AMD Ryzen™ 7045 Series Mobile Processors | |
AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics | AMD Software: Adrenalin Edition 24.x.y release TBD or AMD Software: PRO Edition 24.x.y release TBD |