www.belgium.be Logo of the federal government

Warning: Critical Vulnerability In LLaMa Allows For Remote Code Execution, Patch Immediately!

Referentie: 
Advisory #2024-204
Versie: 
1.0
Geïmpacteerde software: 
llama_cpp_python lower than release b3561
Type: 
Arbitrary address writing remote code execution
CVE/CVSS: 

CVE-2024-42479: CVSS v3 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Bronnen

NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-42479
 

Risico’s

Threat actors can execute malicious code on affected systems remotely. Such as writing data to arbitrary memory locations and this can serve as a foundation for a wide range of exploits, including those leading to remote code execution.

The vulnerability has a high impact on confidentiality, integrity, and availability.

Beschrijving

The vulnerability stems from a “Write-what-where” condition in the “rpc_server::set_tensor” function. This condition arises from the unsafe handling of data pointers within the “rpc_tensor” structure, potentially enabling attackers to write data to arbitrary memory locations.

A proof-of-concept exploit has been published along with a technical breakdown.

Aanbevolen acties

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. The vulnerability has been patched in version b3561 of the llama_cpp_python package.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

Referenties

GitHub: https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj
Fixed version: https://github.com/ggerganov/llama.cpp/releases/tag/b3561