GPU Memory Leaks
Bulletin ID: AMD-SB-6010
Potential Impact: Data leakage
Severity: Medium
Summary
Researchers from Trail of Bits reported a potential vulnerability, titled “LeftoverLocals.” According to their research, a compromised GPU kernel could potentially read local memory values from another kernel.
CVE Details
Refer to Glossary for explanation of terms
| CVE | Severity | CVE Description |
| CVE-2023-4969 | Medium | Insufficient clearing of GPU memory could allow a compromised GPU kernel to read local memory values from another kernel across user or application boundaries leading to loss of confidentiality. |
Mitigation
AMD has created a new operating mode designed to prevent processes from running in parallel on the GPU, and to clear registers between processes on supported products. This mode is not enabled by default and needs to be set by an administrator. AMD expects performance impacts if the new mode is enabled in environments where multiple processes would have been running simultaneously on the GPU. The performance impact will be related to the number of processes that would have been running in parallel. Additionally, a lesser performance impact may arise due to the additional clearing of registers between processes.
Instructions for enabling the new mode can be found in the relevant release notes and/or product documentation.
AMD started rolling out mitigation options beginning in May 2024 through applicable driver updates.
2024-05-07 Update:
AMD recommends updating to the latest driver version as indicated below for your product.
Data Center Graphics
| Product | Inter-VM Mitigation | Bare Metal/Intra-VM Mitigation |
| AMD Instinct™ MI210 | Host Driver 7.0.5 + MU4 Firmware update (2025-06-09) |
ROCm 6.3.1 |
| AMD Instinct™ MI250 | N/A | ROCm 6.3.1 |
| AMD Instinct™ MI300A | N/A | ROCm 6.2.4 |
| AMD Instinct™ MI300X | Host driver update released May 2024 | ROCm 6.2.4 |
| AMD Radeon™ Instinct™ MI25 AMD Radeon™ PRO V520 AMD Radeon™ PRO V620 AMD Radeon™ PRO V710 |
Contact your AMD Customer Engineering representative. | Contact your AMD Customer Engineering representative. |
Note: If you need support for MI100 products, contact your AMD Customer Engineering representative.
AMD Radeon™ Graphics
| Product | Windows Mitigation | Linux Mitigation |
| AMD Radeon™ RX 5000 Series Graphics Cards AMD Radeon™ RX 6000 Series Graphics Cards |
AMD Software: Adrenalin Edition 25.x.x (25.10.x.y) (Target Release August 2025) |
Radeon Software for Linux 25.10.1 (2025-05-21) |
| AMD Radeon™ RX 7000 Series Graphics Cards AMD Radeon™ RX 9000 Series Graphics Cards AMD Radeon™ AI PRO 9000 Series Graphics Cards |
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01) (2025-06-05) |
|
| AMD Radeon™ PRO W5000 Series Graphics Cards AMD Radeon™ PRO W6000 Series Graphics Cards |
AMD Software: PRO Edition 25.Qx (25.10.x) (Target Release August 2025) |
|
| AMD Radeon™ PRO W7000 Series Graphics Cards | AMD Software: PRO Edition 25.Q2 (25.10.10) (2025-06-05) |
|
| AMD Radeon™ RX Vega Series Graphics Cards AMD Radeon™ VII |
AMD Software: Adrenalin Edition 25.8.x (23.19.x.y) (Target Release August 2025) |
Contact your Linux distribution provider |
| AMD Radeon™ PRO VII | AMD Software: PRO Edition 25.Qx (23.19.x.y) (Target Release August 2025) |
Contact your Linux distribution provider |
The below Client processors include integrated graphics. To apply the recommended graphics mitigations for your AMD Client processor, locate the graphics architecture supported by your processor below and then refer to the table linked below for the mitigated version appropriate for your system.
AMD Athlon™ and AMD Ryzen™ Desktop Processors
| Product | Former Code Name | Integrated AMD Radeon™ Graphics | Mitigation |
| AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics |
“Picasso” | AMD Radeon™ RX Vega Series | AMD Software: Refer to the AMD Radeon™ Graphics Products tables above for the mitigated version appropriate for your system. |
| AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics |
“Renoir” | AMD Radeon™ RX Vega Series AMD Radeon™ PRO VII Series |
|
| AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics |
“Cezanne” | AMD Radeon™ RX Vega Series | |
| AMD Ryzen™ 7000 Series Desktop Processors | “Raphael” | AMD Radeon™ RX 6000 Series | |
| AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics |
“Phoenix” | AMD Radeon™ RX 7000 Series AMD Radeon™ PRO W7000 Series |
|
| AMD Ryzen™ 9000 Series Desktop Processors | "Granite Ridge" | AMD Radeon™ RX 6000 Series |
AMD Athlon™ and AMD Ryzen™ Mobile Processors
| Product | Former Code Name | Integrated AMD Radeon™ Graphics | Mitigation |
| AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
"Dali" | AMD Radeon™ RX Vega Series | AMD Software: Refer to the AMD RadeonTM Graphics Products tables above for the mitigated version appropriate for your system. |
| AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
“Picasso” | AMD Radeon™ RX Vega Series | |
| AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics |
“Dali” | AMD Radeon™ RX Vega Series | |
| AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics |
“Renoir” | AMD Radeon™ RX Vega Series AMD Radeon™ PRO VII Cards |
|
| AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics |
“Barcelo” | AMD Radeon™ RX Vega Series | |
| AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics |
“Lucienne” | AMD Radeon™ RX Vega Series | |
| AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics |
“Cezanne” | AMD Radeon™ RX Vega Series | |
| AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics |
“Rembrandt” | AMD Radeon™ RX 6000 Series AMD Radeon™ PRO W6000 Series |
|
| AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics |
“Mendocino” | AMD Radeon™ RX 6000 Series | |
| AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics |
“Barcelo-R” | AMD Radeon™ RX Vega Series | |
| AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics |
“Rembrandt-R” | AMD Radeon™ RX 6000 Series AMD Radeon™ PRO W6000 Series |
|
| AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics |
“Phoenix” | AMD Radeon™ RX 7000 Series AMD Radeon™ PRO W7000 Series |
|
| AMD Ryzen™ 7045 Series Mobile Processors | “Dragon Range” | AMD Radeon™ RX 6000 Series | |
| AMD Ryzen™ AI 300 Series Processor | “Strix Point” | AMD Radeon™ RX 7000 Series AMD Radeon™ PRO W7000 Series |
|
| AMD Ryzen™ AI Max 300 Series Processors | "Strix Halo" | AMD Radeon™ RX 7000 Series AMD Radeon™ PRO W7000 Series |
|
| AMD Ryzen™ 9000HX Series Processors | "Fire Range" | AMD Radeon™ RX 6000 Series | |
| AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics |
"Hawk Point" | AMD Radeon™ RX 7000 Series AMD Radeon™ PRO W7000 Series |
|
| AMD Ryzen™ Z1 Series Processors | "Phoenix" | AMD Radeon™ RX 7000 Series | |
| AMD Ryzen™ Z2 Series Processors | "Hawk Point" “Strix Point” | AMD Radeon™ RX 7000 Series | |
| AMD Ryzen™ Z2 Series Processors | “Rembrandt” | AMD Radeon™ RX 6000 Series |
Acknowledgement
AMD thanks Tyler Sorensen, Heidy Khlaaf, Max Ammann, Adelin Travers and Kelly Kaoudis of Trail of Bits for reporting this issue and engaging in coordinated vulnerability disclosure.
Revisions
| Revision Date | Description |
| 2025-06-23 | Updated the Mitigation section for Data Center Graphics, AMD Radeon Graphics, and revised Client Processors table |
| 2025-04-07 | Updated the Mitigation section for Data Center Graphics, AMD Radeon Graphics, and Client Processors |
| 2025-02-11 | Updated the Mitigation section – Data Center Graphics |
| 2025-01-15 | Mitigation section has been updated and AMD Ryzen™ AI 300 Series Processor (Formerly codenamed) “Strix Point” FP8 has been added to the Client Processors list |
| 2024-11-07 | Mitigation has been updated for MI300 and MI300A Updated driver version from 24.x.y to 25.x.y |
| 2024-10-30 | Updated mitigation targets |
| 2024-08-02 | Updated AMD Software: Adrenalin Edition and PRO Edition versions. Removed: AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics (Not affected) Added: AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics and AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics |
| 2024-07-30 | Updated the Mitigation section of AMD RadeonTM Graphics and Client processors product tables Updated Data Center Graphics Inter-VM and Bare Metal/Intra-VM Mitigation product tables Updated mitigation section month for driver update rollout |
| 2024-05-07 | Added Vega products and Mitigation section with Product tables |
| 2024-01-26 | Updated Graphics and Data Center Graphics products |
| 2024-01-16 | Initial publication |
DISCLAIMER
The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.
AMD, the AMD Arrow logo, Athlon, Instinct, Radeon, Ryzen, and combinations thereof are trademarks of Advanced Micro Devices, Inc. CVE and the CVE logo are registered trademarks of The MITRE Corporation. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.
Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD-PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD-PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD-PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBILITY FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD-PARTY CONTENT.
© 2025 Advanced Micro Devices, Inc. All rights reserved.