A design flaw in GPU drivers made by Apple, Qualcomm, AMD, and likely Imagination can be exploited by miscreants on a shared system to snoop on fellow users.
On a non-shared system, malware that manages to run on the box could abuse the weakness to spy on the lone user's GPU activities.
Crucially, the graphics chips and their drivers are supposed to prevent this kind of monitoring, by fully isolating the memory and other resources used by each user process from one another, but in reality, many do not securely implement this functionality sufficiently, allowing data to be stolen.
Research made public on Tuesday detailed how miscreants can exploit the hole to read data they're not supposed to in a system's local GPU memory.
To exploit the security oversight, the attacker just needs to have sufficient access to a shared GPU to run application code on it.
That code, in spite of any isolation protections in place, on a vulnerable configuration can mine local memory for areas that have been used by other programs as a data cache.
Each cache should ideally be wiped after a program finishes using it, thwarting the theft of data.
This deletion doesn't automatically happen, allowing other applications on the GPU to observe the leftover contents.
While the flaw potentially affects all GPU applications on vulnerable chips, it is especially concerning for those processing machine-learning applications because of the amount of data these models process using GPUs, and therefore the amount of potentially sensitive information that could be swiped by exploiting this issue.
The bug hunters have been working with the affected GPU vendors and the CERT Coordination Center to address and disclose the flaws since September 2023.
The chip house also confirmed that a lot of its products are vulnerable to the memory leak, including multiple versions of its Athlon and Ryzen desktop and mobile processors, Radeon graphics cards, and Radeon and Instinct data center GPUs.
Based on our current understanding from researchers, if a user is running on the same local machine as malicious software then the final contents of the GPU program scratch pad memory that is used for temporary storage of data during operation could be viewable by a bad actor.
It is important to note there is no exposure to any other part of the system and no user data is compromised.
Since the exploit requires installing malicious software, AMD recommends users follow security best practices including protecting access to their system and not downloading unfamiliar software.
Google pointed out to Trail of Bits that some Imagination GPUs are impacted, and that the processor designer released a fix for its holes last month.
Google is aware of this vulnerability impacting AMD, Apple, and Qualcomm GPUs.
Google has released fixes for ChromeOS devices with impacted AMD and Qualcomm GPUs as part of the 120 and 114 releases in the Stable and LTS channels, respectively.
A spokesperson for Apple also told us that the iGiant appreciated the researchers' work as it advances the mega-corp's understanding of these types of threats.
Qualcomm has issued a firmware patch, though according to the researchers it only fixes the issue for some devices.
That's the good news here: loads of AI accelerators in the cloud come from Nvidia, so if you're training or running on those, you'll be OK. The others - Apple, Imagination, and Qualcomm in particular - aren't known for their presence in public cloud GPU pools, so the risk there is limited.
This Cyber News was published on go.theregister.com. Publication date: Wed, 17 Jan 2024 23:43:15 +0000