Arm warns of actively exploited flaw in Mali GPU kernel drivers

June 10, 2024 at 06:56PM Arm has issued a security bulletin regarding a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers, known as CVE-2024-4610, impacting versions r34p0 through r40p0. This use-after-free vulnerability (UAF) poses a risk of information disclosure and arbitrary code execution. The issue has been fixed in version r41p0, with users urged … Read more

AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks

January 17, 2024 at 10:36AM The ‘LeftoverLocals’ vulnerability affects GPUs from AMD, Apple, Qualcomm, and Imagination Technologies, allowing data retrieval from local memory. Discovered by Trail of Bits researchers Tyler Sorensen and Heidy Khlaaf, it exploits incomplete memory isolation in GPU frameworks, enabling unauthorized data access. Mitigation efforts are underway, including patching and recommending automatic … Read more

AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs

January 17, 2024 at 08:30AM Researchers discovered a new attack method, LeftoverLocals (CVE-2023-4969), exploiting a GPU vulnerability to access sensitive data from AI and other applications. LeftoverLocals can affect Apple, AMD, Qualcomm, and Imagination Technologies GPUs. Qualcomm and Apple are releasing patches, while AMD plans mitigations in March 2024. The vulnerability allows local attackers to … Read more