Apple, Qualcomm, AMD GPUs Leak Artificial Intelligence Data

TRENDING GLOBALLY

-: FOLLOW US :-  @theinsaneapp

A new GPU vulnerability called 'LeftoverLocals' affects GPUs from AMD, Apple, Qualcomm, and Imagination Technologies, allowing unauthorized retrieval of data from the local memory space.

-: FOLLOW US :-  @theinsaneapp

Tracked as CVE-2023-4969, the vulnerability, discovered by Trail of Bits researchers Tyler Sorensen and Heidy Khlaaf, particularly poses a threat to large language models (LLMs) and machine learning (ML) processes.

-: FOLLOW US :-  @theinsaneapp

The security flaw arises because certain GPU frameworks lack complete memory isolation, enabling one kernel to read values in local memory written by another kernel.

-: FOLLOW US :-  @theinsaneapp

Attackers can exploit LeftoverLocals by running a GPU compute application (e.g., OpenCL, Vulkan, Metal) to read data left in the GPU local memory by a user.

-: FOLLOW US :-  @theinsaneapp

The vulnerability allows attackers to launch a 'listener,' a GPU kernel that reads from uninitialized local memory and can dump data in a persistent location, such as the global memory.

-: FOLLOW US :-  @theinsaneapp

If local memory is not cleared, the listener can retrieve values left behind by the 'writer' program, exposing sensitive information about computations, model inputs, outputs, weights, and intermediate computations.

-: FOLLOW US :-  @theinsaneapp

In a multi-tenant GPU context running LLMs, LeftoverLocals can be used to eavesdrop on other users' sessions and recover data from their "writer" processes in the GPU's local memory.

-: FOLLOW US :-  @theinsaneapp

A proof of concept (PoC) by Trail of Bits demonstrates that an attacker can recover up to 5.5MB of data per GPU invocation, with potential for higher amounts depending on the GPU framework.

-: FOLLOW US :-  @theinsaneapp

Trail of Bits discovered CVE-2023-4969 in September 2023 and reported it to CERT/CC for coordinated disclosure and patching efforts.

-: FOLLOW US :-  @theinsaneapp

Some vendors have already released fixes, while others are still working on defense mechanisms. Apple's latest iPhone 15 is unaffected, but the issue persists on M2-powered computers.

-: FOLLOW US :-  @theinsaneapp

AMD, Qualcomm, and Imagination Technologies have released patches for some models, but certain GPUs from Imagination are still impacted, according to a warning from Google.

-: FOLLOW US :-  @theinsaneapp

Intel, NVIDIA, and ARM GPUs are reported not to be affected by the data leak problem.

-: FOLLOW US :-  @theinsaneapp

Trail of Bits recommends GPU vendors implement an automatic local memory clearing mechanism between kernel calls to ensure isolation of sensitive data.

-: FOLLOW US :-  @theinsaneapp

They acknowledge potential performance overhead but argue it is justified given the severity of security implications.

-: FOLLOW US :-  @theinsaneapp

Other suggested mitigations include avoiding multi-tenant GPU environments in security-critical scenarios and implementing user-level mitigations.