Warning: Critical Vulnerability In LLaMa Allows For Remote Code Execution, Patch Immediately!
CVE-2024-42479: CVSS v3 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-42479
Risques
Threat actors can execute malicious code on affected systems remotely. Such as writing data to arbitrary memory locations and this can serve as a foundation for a wide range of exploits, including those leading to remote code execution.
The vulnerability has a high impact on confidentiality, integrity, and availability.
Description
The vulnerability stems from a “Write-what-where” condition in the “rpc_server::set_tensor” function. This condition arises from the unsafe handling of data pointers within the “rpc_tensor” structure, potentially enabling attackers to write data to arbitrary memory locations.
A proof-of-concept exploit has been published along with a technical breakdown.
Actions recommandées
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. The vulnerability has been patched in version b3561 of the llama_cpp_python package.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
Références
GitHub: https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj
Fixed version: https://github.com/ggerganov/llama.cpp/releases/tag/b3561