GPU Memory Leaks

Bulletin ID:    AMD-SB-6010
Potential Impact: Data leakage
Severity: Medium

Summary

Researchers from Trail of Bits reported a potential vulnerability, titled “LeftoverLocals.”  According to their research, a compromised GPU kernel could potentially read local memory values from another kernel.

CVE Details

Refer to Glossary for explanation of terms

CVE Severity CVE Description
CVE-2023-4969 Medium Insufficient clearing of GPU memory could allow a compromised GPU kernel to read local memory values from another kernel across user or application boundaries leading to loss of confidentiality.

Mitigation

AMD has created a new operating mode designed to prevent processes from running in parallel on the GPU, and to clear registers between processes on supported products.  This mode is not enabled by default and needs to be set by an administrator. AMD expects performance impacts if the new mode is enabled in environments where multiple processes would have been running simultaneously on the GPU.  The performance impact will be related to the number of processes that would have been running in parallel.  Additionally, a lesser performance impact may arise due to the additional clearing of registers between processes.

Instructions for enabling the new mode can be found in the relevant release notes and/or product documentation.

AMD started rolling out mitigation options beginning in May 2024 through applicable driver updates.

2024-05-07 Update:
AMD recommends updating to the latest driver version as indicated below for your product.

Data Center Graphics
Product Inter-VM Mitigation Bare Metal/Intra-VM Mitigation
AMD Instinct™ MI210 Host Driver 7.0.5 + MU4 Firmware update
(2025-06-09)
ROCm 6.3.1
AMD Instinct™ MI250 N/A ROCm 6.3.1
AMD Instinct™ MI300A N/A ROCm 6.2.4
AMD Instinct™ MI300X Host driver update released May 2024 ROCm 6.2.4
AMD Radeon™ Instinct™ MI25
AMD Radeon™ PRO V520
AMD Radeon™ PRO V620
AMD Radeon™ PRO V710
Contact your AMD Customer Engineering representative. Contact your AMD Customer Engineering representative.

Note: If you need support for MI100 products, contact your AMD Customer Engineering representative.

AMD Radeon™ Graphics
Product Windows Mitigation Linux Mitigation
AMD Radeon™ RX 5000 Series Graphics Cards
AMD Radeon™ RX 6000 Series Graphics Cards
AMD Software: Adrenalin Edition 25.x.x (25.10.x.y)
(Target Release August 2025)
Radeon Software for Linux 25.10.1
(2025-05-21)
AMD Radeon™ RX 7000 Series Graphics Cards
AMD Radeon™ RX 9000 Series Graphics Cards
AMD Radeon™ AI PRO 9000 Series Graphics Cards
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01)
(2025-06-05)
AMD Radeon™ PRO W5000 Series Graphics Cards
AMD Radeon™ PRO W6000 Series Graphics Cards
AMD Software: PRO Edition 25.Qx (25.10.x)
(Target Release August 2025)
AMD Radeon™ PRO W7000 Series Graphics Cards AMD Software: PRO Edition 25.Q2 (25.10.10)
(2025-06-05)
AMD Radeon™ RX Vega Series Graphics Cards
AMD Radeon™ VII
AMD Software: Adrenalin Edition 25.8.x (23.19.x.y)
(Target Release August 2025)
Contact your Linux distribution provider
AMD Radeon™ PRO VII AMD Software: PRO Edition 25.Qx (23.19.x.y)
(Target Release August 2025)
Contact your Linux distribution provider

The below Client processors include integrated graphics. To apply the recommended graphics mitigations for your AMD Client processor, locate the graphics architecture supported by your processor below and then refer to the table linked below for the mitigated version appropriate for your system.

AMD Athlon™ and AMD Ryzen™ Desktop Processors
Product Former Code Name Integrated AMD Radeon™ Graphics Mitigation
AMD Athlon™ 3000 Series Desktop Processors
with Radeon™ Graphics
“Picasso” AMD Radeon™ RX Vega Series AMD Software: Refer to the AMD Radeon™ Graphics Products tables above for the mitigated version appropriate for your system.
AMD Ryzen™ 4000 Series Desktop Processors
with Radeon™ Graphics
“Renoir” AMD Radeon™ RX Vega Series
AMD Radeon™ PRO VII Series
AMD Ryzen™ 5000 Series Desktop Processor
with Radeon™ Graphics
“Cezanne” AMD Radeon™ RX Vega Series
AMD Ryzen™ 7000 Series Desktop Processors “Raphael” AMD Radeon™ RX 6000 Series
AMD Ryzen™ 8000 Series Processors
with Radeon™ Graphics
“Phoenix” AMD Radeon™ RX 7000 Series
AMD Radeon™ PRO W7000 Series
AMD Ryzen™ 9000 Series Desktop Processors "Granite Ridge" AMD Radeon™ RX 6000 Series
AMD Athlon™ and AMD Ryzen™  Mobile Processors
Product Former Code Name Integrated AMD Radeon™ Graphics Mitigation
AMD Athlon™ 3000 Series Mobile Processors
with Radeon™ Graphics
"Dali" AMD Radeon™ RX Vega Series AMD Software: Refer to the AMD RadeonTM Graphics Products tables above for the mitigated version appropriate for your system.
AMD Athlon™ 3000 Series Mobile Processors
with Radeon™ Graphics
“Picasso” AMD Radeon™ RX Vega Series
AMD Ryzen™ 3000 Series Mobile Processors
with Radeon™ Graphics
“Dali” AMD Radeon™ RX Vega Series
AMD Ryzen™ 4000 Series Mobile Processors
with Radeon™ Graphics
“Renoir” AMD Radeon™ RX Vega Series
AMD Radeon™ PRO VII Cards
AMD Ryzen™ 5000 Series Processors
with Radeon™ Graphics
“Barcelo” AMD Radeon™ RX Vega Series
AMD Ryzen™ 5000 Series Mobile Processors
with Radeon™ Graphics
“Lucienne” AMD Radeon™ RX Vega Series
AMD Ryzen™ 5000 Series Mobile Processors
with Radeon™ Graphics
“Cezanne” AMD Radeon™ RX Vega Series
AMD Ryzen™ 6000 Series Processors
with Radeon™ Graphics
“Rembrandt” AMD Radeon™ RX 6000 Series
AMD Radeon™ PRO W6000 Series
AMD Ryzen™ 7020 Series Processors
with Radeon™ Graphics
“Mendocino” AMD Radeon™ RX 6000 Series
AMD Ryzen™ 7030 Series Mobile Processors
with Radeon™ Graphics
“Barcelo-R” AMD Radeon™ RX Vega Series
AMD Ryzen™ 7035 Series Processors
with Radeon™ Graphics
“Rembrandt-R” AMD Radeon™ RX 6000 Series
AMD Radeon™ PRO W6000 Series
AMD Ryzen™ 7040 Series Processors
with Radeon™ Graphics
“Phoenix” AMD Radeon™ RX 7000 Series
AMD Radeon™ PRO W7000 Series
AMD Ryzen™ 7045 Series Mobile Processors “Dragon Range” AMD Radeon™ RX 6000 Series
AMD Ryzen™ AI 300 Series Processor “Strix Point” AMD Radeon™ RX 7000 Series
AMD Radeon™ PRO W7000 Series
AMD Ryzen™ AI Max 300 Series Processors "Strix Halo" AMD Radeon™ RX 7000 Series
AMD Radeon™ PRO W7000 Series
AMD Ryzen™ 9000HX Series Processors "Fire Range" AMD Radeon™ RX 6000 Series
AMD Ryzen™ 8040 Series Mobile Processors
with Radeon™ Graphics
"Hawk Point" AMD Radeon™ RX 7000 Series
AMD Radeon™ PRO W7000 Series
AMD Ryzen™ Z1 Series Processors "Phoenix" AMD Radeon™ RX 7000 Series
AMD Ryzen™ Z2 Series Processors "Hawk Point" “Strix Point” AMD Radeon™ RX 7000 Series
AMD Ryzen™ Z2 Series Processors “Rembrandt” AMD Radeon™ RX 6000 Series

Acknowledgement

AMD thanks Tyler Sorensen, Heidy Khlaaf, Max Ammann, Adelin Travers and Kelly Kaoudis of Trail of Bits for reporting this issue and engaging in coordinated vulnerability disclosure.

Revisions 

Revision Date Description
2025-06-23 Updated the Mitigation section for Data Center Graphics, AMD Radeon Graphics, and revised Client Processors table
2025-04-07 Updated the Mitigation section for Data Center Graphics, AMD Radeon Graphics, and Client Processors
2025-02-11 Updated the Mitigation section – Data Center Graphics
2025-01-15 Mitigation section has been updated and AMD Ryzen™ AI 300 Series Processor (Formerly codenamed) “Strix Point” FP8 has been added to the Client Processors list
2024-11-07 Mitigation has been updated for MI300 and MI300A
Updated driver version from 24.x.y to 25.x.y
2024-10-30 Updated mitigation targets
2024-08-02 Updated AMD Software: Adrenalin Edition and PRO Edition versions.
Removed: AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics (Not affected)
Added: AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics and AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics
2024-07-30 Updated the Mitigation section of AMD RadeonTM Graphics and Client processors product tables
Updated Data Center Graphics Inter-VM and Bare Metal/Intra-VM Mitigation product tables
Updated mitigation section month for driver update rollout
2024-05-07 Added Vega products and Mitigation section with Product tables
2024-01-26 Updated Graphics and Data Center Graphics products
2024-01-16 Initial publication

DISCLAIMER

The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale. 

AMD, the AMD Arrow logo, Athlon, Instinct, Radeon, Ryzen, and combinations thereof are trademarks of Advanced Micro Devices, Inc. CVE and the CVE logo are registered trademarks of The MITRE Corporation. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.

Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD-PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD-PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD-PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBILITY FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD-PARTY CONTENT.

© 2025 Advanced Micro Devices, Inc. All rights reserved.