PT-2024-1106 · Apple+2 · iPhone+6

Trail +1 · Published 2024-01-16 · Updated 2026-03-28 · CVE-2023-4969

CVSS v3.1: 6.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Affected GPU vendors and host devices include Apple, AMD, Qualcomm, and Imagination GPUs. Specific affected versions are not specified, but the issue affects various architectures and devices, including some iPhone, iPad, and Mac models, as well as certain AMD and Qualcomm chips.

Description

A vulnerability allows a GPU kernel to read sensitive data from another GPU kernel, even one belonging to another user or application, through an optimized GPU memory region called local memory. This issue can be exploited to extract data from the local memory of a GPU, potentially revealing confidential information. The vulnerability, known as LeftoverLocals, is particularly concerning in multi-user systems where different users' handlers run on the same GPU. It can also be used in malicious software to track the activity of processes running on the GPU. The estimated number of potentially affected devices worldwide is not specified, but the issue is said to affect millions of devices, including iPhones, iPads, and Macs.

Recommendations

For Apple devices, update to the latest version of the operating system and apply the available patches for the M3 and A17 processors. For AMD devices, apply the recommended security patches and follow the company's guidelines for mitigating the issue. For Qualcomm devices, update to the latest firmware version, which includes patches for the vulnerability. For Imagination GPUs, apply the available patches and follow the company's recommendations for securing the devices. As a temporary workaround, consider restricting access to the vulnerable GPU kernel or disabling the use of the local memory region until a patch is available.

Exploit

Fix

Memory Leak

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-00388
CVE-2023-4969

Affected Products

A17
Astra Linux
Debian
M3
Mac
iPad
iPhone