Found 3 bookmarks
Newest
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
By Tyler Sorensen and Heidy Khlaaf We are disclosing LeftoverLocals: a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs. LeftoverLocals impacts the security posture of GPU applications as a whole, with particular significance to LLMs and ML models run on impacted GPU…
#trailofbits#EN#2024#Apple#LeftoverLocals#AMD#GPU#Qualcomm#leak#memory
·blog.trailofbits.com·
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
Stranger Strings: An exploitable flaw in SQLite
Stranger Strings: An exploitable flaw in SQLite
Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released on October 17, 2000) and fixed in release 3.39.2 (released on July 21, 2022). CVE-2022-35737 is exploitable on 64-bit systems, and exploitability depends on how the program is compiled; arbitrary code execution is confirmed when the library is compiled without stack canaries, but unconfirmed when stack canaries are present, and denial-of-service is confirmed in all cases.
#trailofbits#EN#2022#CVE-2022-35737#SQLite
·blog.trailofbits.com·
Stranger Strings: An exploitable flaw in SQLite
Stranger Strings: An exploitable flaw in SQLite
Stranger Strings: An exploitable flaw in SQLite
Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released on October 17, 2000) and fixed in release 3.39.2 (released on July 21, 2022). CVE-2022-35737 is exploitable on 64-bit systems, and exploitability depends on how the program is compiled; arbitrary code execution is confirmed when the library is compiled without stack canaries, but unconfirmed when stack canaries are present, and denial-of-service is confirmed in all cases.
#trailofbits#EN#2022#CVE-2022-35737#SQLite
·blog.trailofbits.com·
Stranger Strings: An exploitable flaw in SQLite