
"Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang. "These vulnerabilities all traced back to the same root cause: the overlooked unsafe use of ZeroMQ (ZMQ) and Python's pickle deserialization," Oligo Security researcher Avi Lumelsky said in a report published Thursday."
"At its core, the issue stems from what has been described as a pattern called ShadowMQ, in which the insecure deserialization logic has propagated to several projects as a result of code reuse. The root cause is a vulnerability in Meta's Llama large language model (LLM) framework (CVE-2024-50050, CVSS score: 6.3/9.3) that was patched by the company last October. Specifically, it involved the use of ZeroMQ's recv_pyobj() method to deserialize incoming data using Python's pickle module. This, coupled with the fact that the framework exposed the ZeroMQ socket over the network, opened the door to a scenario where an attacker can execute arbitrary code by sending malicious data for deserialization."
Critical remote code execution vulnerabilities affect major AI inference engines from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang. The root cause is unsafe deserialization using ZeroMQ and Python's pickle, forming a pattern called ShadowMQ that spread through code reuse and direct copy-paste. A specific instance, CVE-2024-50050 in Meta's Llama framework, involved ZeroMQ's recv_pyobj() deserializing untrusted data on a network-exposed socket, enabling arbitrary code execution. The same unsafe pattern appeared in NVIDIA TensorRT-LLM, Microsoft Sarathi-Serve, Modular Max Server, vLLM, and SGLang, and fixes were applied to Llama and the pyzmq library.
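The following is an added illustration, not code from the report or from any of the affected projects. It shows why recv_pyobj() on a network-exposed socket is dangerous (pyzmq's recv_pyobj() is pickle.loads applied to the received frame) and two defender-side replacements: a restricted unpickler that refuses every class lookup, and a plain JSON path. The frames are constructed in-line so it runs offline without pyzmq; the datetime payload only exercises the class-lookup code path that a restricted unpickler must block, it is not an exploit. The page does not describe the actual fixes applied to Llama or pyzmq, so the mitigations below are the generic ones for this bug class, not the projects' own patches.

```python
import io
import json
import pickle
from datetime import datetime

# Constructed sample frames standing in for bytes read off a ZeroMQ socket.
BENIGN_FRAME = pickle.dumps({"prompt": "hello", "max_tokens": 16})
# A datetime pickles through a class reference (datetime.datetime), so loading it
# forces the unpickler to resolve a global. That is the path the restricted
# unpickler must refuse; no hostile payload is built here.
CLASS_REF_FRAME = pickle.dumps({"ts": datetime(2024, 10, 1)})


def unsafe_deserialize(frame: bytes):
    """Equivalent of socket.recv_pyobj(): pickle.loads on raw network bytes.
    Any class named in the stream is imported and called during load, which is
    the ShadowMQ root cause once untrusted peers can reach the socket."""
    return pickle.loads(frame)


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses all global/class lookups, so only primitive
    containers (dict, list, tuple, set, str, bytes, int, float, bool, None)
    can be loaded. Anything that would import code is rejected up front."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def restricted_deserialize(frame: bytes):
    return RestrictedUnpickler(io.BytesIO(frame)).load()


def json_deserialize(frame: bytes):
    """Preferred replacement for recv_pyobj(): socket.recv_json() / json.loads.
    JSON carries data only, never class references or callables."""
    return json.loads(frame)


def handle_frame(frame: bytes):
    """Server-side receive handler using the restricted unpickler.
    Returns ("ok", obj) for primitive-only payloads, ("rejected", reason)
    for any frame that tries to resolve a global."""
    try:
        return ("ok", restricted_deserialize(frame))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    print(handle_frame(BENIGN_FRAME))      # ('ok', {...})
    print(handle_frame(CLASS_REF_FRAME))   # ('rejected', 'refused global datetime.datetime')
    print(json_deserialize(b'{"prompt": "hello"}'))
```

The restricted unpickler is a stopgap for code paths that cannot drop pickle immediately; the durable fix is to stop accepting pickle from the network at all (recv_json() or a schema-validated message format) and to bind such sockets only to trusted interfaces. For detection, a ZeroMQ or pickle listener bound to a non-loopback address inside an inference service is the configuration to flag.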
Read at The Hacker News