CVE-2023-4969

high-risk
Published 2024-01-16

A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.

Do I need to act?

~
2.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
LOCAL / LOW complexity

Affected Products (20)

Opencl
Vulkan
Ddk
Instinct Mi300X Firmware
Instinct Mi300A Firmware
Instinct Mi250 Firmware
Instinct Mi210 Firmware
Instinct Mi100 Firmware
Radeon Instinct Mi50 Firmware
Radeon Instinct Mi25 Firmware
Radeon Pro V620 Firmware
Radeon Pro V520 Firmware
Radeon Pro W7600 Firmware
Radeon Pro W7500 Firmware
Radeon Pro W6400 Firmware
Radeon Pro W6500M Firmware
Radeon Pro W6300M Firmware
Radeon Pro W5700X Firmware
Radeon Pro W5500X Firmware
Radeon Rx 7900Xtx Firmware

Affected Vendors

Amd Khronos Imaginationtech

References (10)

Exploit https://blog.trailofbits.com
Third Party Advisory https://kb.cert.org/vuls/id/446598
Technical Description https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fund...
Vendor Advisory https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html
Third Party Advisory https://www.kb.cert.org/vuls/id/446598
Exploit https://blog.trailofbits.com
Third Party Advisory https://kb.cert.org/vuls/id/446598
Technical Description https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fund...
Vendor Advisory https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html
Third Party Advisory https://www.kb.cert.org/vuls/id/446598
58
/ 100
high-risk
Severity 21/34 · High
Exploitability 5/34 · Minimal
Exposure 32/34 · Critical