AMD released a security advisory on Wednesday detailing its plans to offer fixes for LeftoverLocals.
The Trail of Bits researchers caution that actually getting these various fixes to proliferate will not be easy.
Even when GPU makers release usable patches, the device makers that incorporate their chips into personal computers and other devices must then package and relay the protections to end users.
With so many players in the global tech ecosystem, it's difficult to coordinate all parties.
Though exploiting the vulnerability would require some amount of existing access to targets' devices, the potential implications are significant given that it is common for highly motivated attackers to carry out hacks by chaining multiple vulnerabilities together.
The researchers note that leaks from machine learning processes in other applications could be very sensitive-for example, if a mobile medical health app is incorporating AI patient support.
A GPU could process any number of things, and data privacy in memory is a foundational element that must be built into silicon from the start.
In the six years since disclosure of the Spectre and Meltdown CPU processor vulnerabilities, chipmakers have invested significant energy into strengthening and refining memory protections, not just through firmware patches for existing chips, but by making physical improvements to how CPUs are designed.
These hardware changes take years to implement because the manufacturing pipeline is planned far in advance.
In practice years of processor memory vulnerabilities have illustrated the potential risks and the importance of addressing such flaws.
This Cyber News was published on www.wired.com. Publication date: Tue, 16 Jan 2024 17:13:03 +0000