The bug hunters have been working with the affected GPU vendors and the CERT Coordination Center since September 2023 to address the flaws. AMD plans to roll out mitigations in March through driver updates. Imagination has already released a fix for its holes. Apple has fixes for its M3 and A17 series processors, but declined to comment on the issue's presence on the MacBook Air (M2). Qualcomm has issued a firmware patch, but it only fixes the issue for some devices. Nvidia and Arm are reportedly not affected.
Key takeaways:
- A design flaw in GPU drivers made by Apple, Qualcomm, AMD, and likely Imagination can be exploited to snoop on fellow users, especially those running machine-learning software.
- The vulnerability, dubbed LeftoverLocals, was discovered by Tyler Sorensen, a security research engineer, and allows miscreants to read data in a system's local GPU memory that they're not supposed to have access to.
- The flaw potentially affects all GPU applications on vulnerable chips, but is especially concerning for machine-learning applications because of the amount of potentially sensitive information that could be stolen.
- AMD, Apple, Qualcomm, and Imagination have been working on patches and mitigations for the flaw, with some already released and others planned for the near future.