CVE-2023-4969

GPU kernel implementations susceptible to memory leak

CVSS 6.5 MEDIUMEPSS 1.2%

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

16 Jan 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Khronos Group · OpenCL Khronos Group · Vulkan

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.trailofbits.com https://kb.cert.org/vuls/id/446598 https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html https://www.kb.cert.org/vuls/id/446598