GPU Memory Leaks
Bulletin ID: AMD-SB-6010
Potential Impact: Data leakage
Severity: Medium
Summary
Researchers from Trail of Bits reported a potential vulnerability, titled “LeftoverLocals.” According to their research, a compromised GPU kernel could potentially read local memory values from another kernel.
CVE Details
Refer to Glossary for explanation of terms
CVE |
Severity |
CVE Description |
CVE-2023-4969 |
Medium |
Insufficient clearing of GPU memory could allow a compromised GPU kernel to read local memory values from another kernel across user or application boundaries leading to loss of confidentiality. |
Mitigation
AMD has created a new operating mode designed to prevent processes from running in parallel on the GPU, and to clear registers between processes on supported products. This mode is not enabled by default and needs to be set by an administrator. AMD expects performance impacts if the new mode is enabled in environments where multiple processes would have been running simultaneously on the GPU. The performance impact will be related to the number of processes that would have been running in parallel. Additionally, a lesser performance impact may arise due to the additional clearing of registers between processes.
Instructions for enabling the new mode can be found in the relevant release notes and/or product documentation.
AMD started rolling out mitigation options beginning in May 2024 through applicable driver updates.
2024-05-07 Update:
AMD recommends updating to the latest driver version as indicated below for your product.
Data Center Graphics
Product |
Inter-VM Mitigation |
Bare Metal/Intra-VM Mitigation |
AMD Instinct™ MI100 |
N/A |
Bare metal/guest driver release TBD |
AMD Instinct™ MI210 |
Host driver update (Target Release planned for week of April 28, 2025) |
ROCm 6.3.1 |
AMD Instinct™ MI250 |
N/A |
ROCm 6.3.1 |
AMD Instinct™ MI300A |
N/A |
ROCm 6.2.4 |
AMD Instinct™ MI300X |
Host driver update released May 2024 |
ROCm 6.2.4 |
AMD Radeon™ Instinct™ MI25 AMD Radeon™ PRO V520 AMD Radeon™ PRO V620 AMD Radeon™ PRO V710 |
Contact your AMD Customer Engineering representative. |
Contact your AMD Customer Engineering representative. |
AMD Radeon™ Graphics
Product |
Windows Mitigation |
Linux Mitigation |
AMD Radeon™ RX 5000 Series Graphics Cards AMD Radeon™ RX 6000 Series Graphics Cards AMD Radeon™ RX 7000 Series Graphics Cards AMD Radeon™ RX Vega Series Graphics Cards AMD Radeon™ RX 9000 Series Graphics Cards |
AMD Software: Adrenalin Edition 25.6.1 (25.10.x.y) (Target Release June 2025) |
Radeon Software for Linux 25.10.x (Target Release May 2025) |
AMD Radeon™ PRO W5000 Series Graphics Cards AMD Radeon™ PRO W6000 Series Graphics Cards AMD Radeon™ PRO W7000 Series Graphics Cards |
AMD Software: PRO Edition 25.Q2 (25.10.12) (Target Release June 2025) |
|
AMD Radeon™ RX Vega Series Graphics Cards AMD Radeon™ VII |
AMD Software: Adrenalin Edition 25.8.x (23.19.x.y) (Target Release August 2025) |
Contact your Linux distribution provider |
| AMD Radeon™ PRO VII | AMD Software: PRO Edition 25.Qx (23.19.x.y) (Target Release August 2025) |
Contact your Linux distribution provider |
Client Processors
Product |
Mitigation |
AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4 AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Pollock” AMD Ryzen™ 3000 Series Desktop Processors (Formerly codenamed) “Matisse” AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics (Formerly codenamed) “Renoir” AM4 AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics (Formerly codenamed) “Cezanne” AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Lucienne” AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Cezanne” AMD Ryzen™ 5000 Series Desktop Processors (Formerly codenamed) “Vermeer” AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics (Formerly codenamed) "Rembrandt" AMD Ryzen™ 7000 Series Desktop Processors (Formerly codenamed) “Raphael” X3D AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics (Formerly codenamed) “Mendocino” FT6 AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Barcelo-R” AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics (Formerly codenamed) “Rembrandt-R” AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics (Formerly codenamed) “Phoenix” FP7/FP7r2/FP8 AMD Ryzen™ 7045 Series Mobile Processors (Formerly codenamed) “Dragon Range” AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics (Formerly codenamed) “Phoenix” AM5 AMD Ryzen™ AI 300 Series Processor (Formerly codenamed) “Strix Point” FP8 |
AMD Software: Adrenalin Edition 25.6.1 (Target Release June 2025) Or AMD Software: PRO Edition 25.10.12 (Target Release June 2025) |
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Dali”/”Dali” ULP AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Picasso” FP5 AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Renoir” FP6 AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Lucienne” AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Cezanne” AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics (Formerly codenamed) “Barcelo” |
AMD Software: Adrenalin Edition 25.8.x (23.19.x.y) (Target Release August 2025) AMD Software: PRO Edition 25.Qx (23.19.x.y) (Target Release August 2025) |
Acknowledgement
AMD thanks Tyler Sorensen, Heidy Khlaaf, Max Ammann, Adelin Travers and Kelly Kaoudis of Trail of Bits for reporting this issue and engaging in coordinated vulnerability disclosure.
Revisions
Revision Date |
Description |
| 2025-04-07 | Updated the Mitigation section for Data Center Graphics, AMD Radeon Graphics, and Client Processors |
| 2025-02-11 | Updated the Mitigation section – Data Center Graphics |
| 2025-01-15 | Mitigation section has been updated and AMD Ryzen™ AI 300 Series Processor (Formerly codenamed) “Strix Point” FP8 has been added to the Client Processors list |
| 2024-11-07 | Mitigation has been updated for MI300 and MI300A Updated driver version from 24.x.y to 25.x.y |
| 2024-10-30 | Updated mitigation targets |
2024-08-02 |
Updated AMD Software: Adrenalin Edition and PRO Edition versions. |
2024-07-30 |
Updated the Mitigation section of AMD RadeonTM Graphics and Client processors product tables |
2024-05-07 |
Added Vega products and Mitigation section with Product tables |
2024-01-26 |
Updated Graphics and Data Center Graphics products |
2024-01-16 |
Initial publication |
DISCLAIMER
The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.
AMD, the AMD Arrow logo, Athlon, Instinct, Radeon, Ryzen, and combinations thereof are trademarks of Advanced Micro Devices, Inc. CVE and the CVE logo are registered trademarks of The MITRE Corporation. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.
Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD-PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD-PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD-PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBILITY FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD-PARTY CONTENT.
© 2025 Advanced Micro Devices, Inc. All rights reserved.