CVE-2023-4969

Summary

A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called local memory on various architectures.

Affected Software

VendorProductVersion RangeStatus
Khronos GroupOpenCL3.0.11 <= 3.0.11affected
Khronos GroupVulkan1.3.224 <= 1.3.224affected

Weaknesses

  • CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References