- Aug 17, 2017
- 1,610
A new security vulnerability called LeftoverLocals affects GPUs made by some of the leading names, like AMD, Apple, and Qualcomm. It enables data theft from the GPU's memory irrespective of the form factor and operating system. The flaw was discovered by the researchers at 'Trail of Bits.' Since these GPUs are used in a wide range of smartphones, tablets, notebooks, PCs, and purpose-built servers, the vulnerability leaves a wide range of computing devices at risk.
PCs and servers are designed to allow multiple users to share system processing resources without being able to access each other's data. However, the LeftoverLocals vulnerability negates that protection and infiltrates other users' data via the GPU's memory. Once the attacker has access to the device with a vulnerable GPU, the attacker can access its memory and read its data, as it contains residual data even after a particular execution is complete.
The group posted its findings and a proof of concept using an open-source LLM program, Llama.cpp, to access data from another system, showing data within seconds after it was prepared and stored in the graphics processor's memory. Once the attacker has access to the system, the exploit uses less than ten lines of code.

Graphics card flaw enables data theft in AMD, Apple, and Qualcomm chips by exploiting GPU memory
Attackers can take advantage of the GPU's memory used in smartphones, Macbooks, servers and gaming PCs
