To exploit the LeftoverLocals vulnerability, an attacker must have access to the operating system on the target device. If successful, the attacker can extract data from local memory allocated to the GPU that they should not have access to.
LeftoverLocals Vulnerability Found in GPUs from Many Big Brands
The authors of the study demonstrated how the attack works: They launched a large 7 billion-parameter LLaMA language model using an AMD Radeon RX 7900 XT GPU, asked the AI questions, and “listened” to the answers. The data they collected almost perfectly matched the system’s actual responses. Even more worrying, the attack required less than ten lines of code.
Trail of Bits said that last summer it tested 11 chips from seven GPU manufacturers in a variety of software environments. The LeftoverLocals vulnerability was found in AMD, Apple, and Qualcomm GPUs, but it was not possible to determine whether it existed for Nvidia, Intel, or ARM GPUs.
An Apple spokesperson acknowledged the issue and said the vulnerability has been fixed for the M3 and A17 chips, meaning earlier models are still vulnerable. Meanwhile, Qualcomm reported that it is in the process of distributing security updates to its customers. For its part, AMD said that a software update will be released in March that “selectively mitigates” the LeftoverLocals vulnerability. Google also reported that it has released a ChromeOS update for devices running AMD and Qualcomm chips.
However, Trail of Bits warns that end users may not have easy access to all of these updated software options. Chip manufacturers release new firmware versions, and PC and component manufacturers implement them into their own latest software versions, which are then shipped to the end owner of the device. With so many players in the global market, it is not easy for all parties to coordinate their actions. While LeftoverLocals requires some level of access to the target device to work, modern attacks are performed across the entire vulnerability chain, so hackers can exploit them by combining methods.
Source link
![[Photo] Prime Minister Pham Minh Chinh chairs Government Conference with localities on economic growth](https://vstatic.vietnam.vn/vietnam/resource/IMAGE/2025/2/21/f34583484f2643a2a2b72168a0d64baa)
Comment (0)