CyberSecurityBoard
Sponsor Register Login

AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks

A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space.
Tracked as CVE-2023-4969, the security issue enables data recovery from vulnerable GPUs, especially in the context of large language models and machine learning processes.
LeftoverLocals was discovered by Trail of Bits researchers Tyler Sorensen and Heidy Khlaaf, who reported it privately to the vendors before publishing a technical overview.
The security flaw stems from the fact that some GPU frameworks do not isolate memory completely and one kernel running on the machine could read values in local memory written by another kernel.
Trail of Bits researchers Tyler Sorensen and Heidy Khlaaf, who discovered and reported the vulnerability, explain that an adversary only needs to run a GPU compute application to read data a user left in the GPU local memory.
LeftoverLocals lets attackers launch a 'listener' - a GPU kernel that reads from uninitialized local memory and can dump the data in a persistent location, such as the global memory.
If the local memory is not cleared, the attacker can use the listener to read values left behind by the 'writer' - a program that stores values to local memory.
The animation below shows how the writer and listener programs interact and how the latter can retrieve data from the former on affected GPUs.
The recovered data can reveal sensitive information about the victim's computations, including model inputs, outputs, weights, and intermediate computations.
The Trail of Bits researchers have created a proof of concept to demonstrate LeftoverLocals and showed that an adversary can recover 5.5MB of data per GPU invocation, depending on the GPU framework.
Trail of Bits researchers discovered CVE-2023-4969 in September 2023 and informed CERT/CC to help coordinate the disclosure and patching efforts.
AMD informed that the following GPU models remain vulnerable as its engineers investigate effective mitigation strategies.
Qualcomm has released a patch via firmware v2.0.7 that fixes LeftoverLocals in some chips but others remain vulnerable.
Google warned in January 2024 that some of the vendor's GPUs are still impacted.
Intel, NVIDIA, and ARM GPUs have reported that the data leak problem doesn't impact their devices.
Trail of Bits suggests that GPU vendors implement an automatic local memory clearing mechanism between kernel calls, ensuring isolation of sensitive data written by one process.
Other potential mitigations include avoiding multi-tenant GPU environments in security-critical scenarios and implementing user-level mitigations.
GitHub rotates keys to mitigate impact of credential-exposing flaw.
MGM Resorts ransomware attack led to $100 million loss, data theft.
PixieFail flaws impact PXE network boot in enterprise systems.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 17 Jan 2024 15:35:19 +0000


Cyber News related to AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks

AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks - A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. Tracked as CVE-2023-4969, the security issue enables data ...
1 year ago Bleepingcomputer.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
4 months ago Aws.amazon.com
Apple, AMD, Qualcomm, Imagination GPUs open to data theft The Register - A design flaw in GPU drivers made by Apple, Qualcomm, AMD, and likely Imagination can be exploited by miscreants on a shared system to snoop on fellow users. On a non-shared system, malware that manages to run on the box could abuse the weakness to ...
1 year ago Go.theregister.com
Attackers Could Eavesdrop on AI Conversations on GPUs - Researchers at cybersecurity research and consulting firm Trail of Bits have discovered a vulnerability that could allow attackers to read GPU local memory from affected Apple, Qualcomm, AMD and Imagination GPUs. In particular, the ...
1 year ago Techrepublic.com
Trello API abused to link email addresses to 15 million accounts - An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. Trello is an online project management tool owned by Atlassian that ...
1 year ago Bleepingcomputer.com
Apple's AI Moves Will Impact Future Chip, Cloud Security Plans - The measures Apple has implemented to prevent customer data theft and misuse by artificial intelligence will have a marked impact on hardware security, especially as AI becomes more prevalent on customer devices, analysts say. Apple emphasized ...
7 months ago Darkreading.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Qualcomm chip vulnerability enables remote attack by voice call - Qualcomm disclosed a critical vulnerability on New Year's Day that would allow remote attacks via malicious voice calls over LTE networks. The January 2024 security bulletin lists a total of 26 vulnerabilities, including four critical ...
1 year ago Packetstormsecurity.com
ExpressVPN bug has been leaking some DNS requests for years - ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers. The bug was introduced in ExpressVPN Windows versions 12.23.1 - ...
11 months ago Bleepingcomputer.com
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day - Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. While eight remote code execution bugs were fixed, Microsoft only rated three ...
1 year ago Bleepingcomputer.com
Big Tech to EU: "Drop Dead" - There's just one wrinkle: the Big Tech companies don't want that future, and they're trying their damndest to strangle it in its cradle. Right from the start, it was obvious that the tech giants were going to war against the DMA, and the freedom it ...
8 months ago Eff.org
CVE-2019-19083 - Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in ...
4 years ago
Apple To Drop Sensor From Some Watch Models - Redesign plan to remove blood-oxygen sensor on certain Apple Watch models is dependent on an appeal court decision. Apple is reportedly prepared to remove the blood-oxygen sensor from certain Apple Watch models, depending on a court decision. The ...
1 year ago Silicon.co.uk
Without Interoperability, Apple Customers Will Never Be Secure - Every internet user should have the ability to privately communicate with the people that matter to them, in a secure fashion, using the tools and protocols of their choosing. Apple's iMessage offers end-to-end encrypted messaging for its customers, ...
1 year ago Eff.org
A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data - AMD released a security advisory on Wednesday detailing its plans to offer fixes for LeftoverLocals. The Trail of Bits researchers caution that actually getting these various fixes to proliferate will not be easy. Even when GPU makers release usable ...
1 year ago Wired.com
Apple 'Find My' network can be abused to steal keylogged passwords - Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced ...
1 year ago Bleepingcomputer.com
Apple Move iPad Engineering To Vietnam - Fresh reports of Apple shifting manufacturing from China, with iPad product development resources relocated to Vietnam. Apple continues to strengthen its manufacturing and development capabilities outside of mainland China, according to recent media ...
1 year ago Silicon.co.uk
Building a Sustainable Data Ecosystem - Finally, I outline future research and policy refinement directions, advocating for a collaborative and responsible approach to building a sustainable data ecosystem in generative AI. In recent years, generative AI has emerged as a transformative ...
10 months ago Feeds.dzone.com
Decoding the data dilemma: Strategies for effective data deletion in the age of AI - Businesses today have a tremendous opportunity to use data in new ways, but they must also look at what data they keep and how they use it to avoid potential legal issues. Forrester predicts a doubling of unstructured data in 2024, driven in part by ...
10 months ago Venturebeat.com
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
1 year ago Blog.checkpoint.com
Aim for a modern data security approach - Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Why current data ...
1 year ago Helpnetsecurity.com
When a Data Mesh Doesn't Make Sense - The data mesh is a thoughtful decentralized approach that facilitates the creation of domain-driven, self-service data products. Data mesh-including data mesh governance-requires the right mix of process, tooling, and internal resources to be ...
10 months ago Feeds.dzone.com
Data Classification: Your 5 Minute Guide - Data classification has become a vital component of data security governance. With the rise of virtual data networks, organizations must take necessary measures to protect and secure confidential information. Data classification is the process of ...
2 years ago Tripwire.com
Fortifying confidential computing in Microsoft Azure - I wrote about how Microsoft used Intel's secure extensions to its processor instruction sets to provide a foundation for confidential computing in Azure a few years ago. In the years since, the confidential computing market has taken a few steps ...
1 year ago Infoworld.com
CVE-2024-36969 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)