
As Artificial Intelligence technology continues to advance, so do the threats caused by vulnerabilities in complex systems like Large Language Models (LLMs). A serious security flaw was discovered in Meta’s Llama LLM framework. If successfully exploited, it could let attackers run arbitrary code on the Llama Stack inference server.

This security flaw, tracked as CVE-2024-50050, has a CVSS score of 6.3 out of 10.0. However, Snyk, a supply chain security firm, rates it far more severely at 9.3 out of 10.0. According to Oligo Security researcher Avi Lumelsky, attackers can send malicious data which the server processes, allowing them to execute arbitrary code.

This Remote Code Execution (RCE) flaw is particularly concerning for the Llama Stack component because it affects the Python Inference API, which used Python's pickle format, an unsafe choice for untrusted input, to process data. If the ZeroMQ socket is exposed to the network, attackers can send malicious serialized objects to it; when the server processes these objects, the attacker's code runs on the host machine.

Meta addressed this issue on October 10, 2024, by releasing version 0.0.41, which fixes the flaw by switching from the pickle format to JSON for data processing. The fix is also applied to pyzmq, a Python library for ZeroMQ messaging.
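The vulnerable pattern and the shape of the fix, as an added example that is not Llama Stack's own code: a handler that hands socket bytes to pickle beside one that accepts only JSON matching a fixed schema. The field names in ALLOWED_FIELDS and the sample messages are constructed for illustration, and no ZeroMQ socket is used so that it runs offline.

```python
import json
import pickle

# Hypothetical request schema for illustration; the real Llama Stack message
# layout is not described in the article.
ALLOWED_FIELDS = {"request_id": str, "prompt": str, "max_tokens": int}


def vulnerable_decode(message: bytes) -> dict:
    """The pre-fix pattern: pickle.loads on socket data lets the sender choose
    which objects get constructed during load, hence arbitrary code execution."""
    return pickle.loads(message)  # never use with network-supplied bytes


def is_pickle_stream(message: bytes) -> bool:
    """Heuristic for monitoring/logging: pickle protocol 2+ begins with 0x80
    (older text protocols do not, so JSON parsing remains the real gate)."""
    return message[:1] == b"\x80"


def safe_decode(message: bytes) -> dict:
    """The post-fix pattern: JSON only, strict schema, no object construction."""
    if is_pickle_stream(message):
        raise ValueError("pickle stream rejected")
    try:
        obj = json.loads(message.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError(f"malformed JSON: {exc}") from exc
    if not isinstance(obj, dict):
        raise ValueError("top-level JSON object expected")
    unknown = set(obj) - set(ALLOWED_FIELDS)
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    for name, typ in ALLOWED_FIELDS.items():
        if name not in obj:
            raise ValueError(f"missing field: {name}")
        # bool is a subclass of int in Python, so exclude it explicitly
        if isinstance(obj[name], bool) or not isinstance(obj[name], typ):
            raise ValueError(f"field {name} must be {typ.__name__}")
    return obj


# Constructed sample messages, as a client would send them over the socket.
SAMPLE_JSON_MESSAGE = json.dumps(
    {"request_id": "req-1", "prompt": "hello", "max_tokens": 16}
).encode("utf-8")
SAMPLE_PICKLE_MESSAGE = pickle.dumps({"request_id": "req-1"})  # harmless dict
```

In a real server, `safe_decode` would wrap the bytes returned by the socket's receive call, and `is_pickle_stream` hits are worth logging as a signal that a client is still speaking the old format.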

As Deep Instinct researcher Mark Vaitzman explains, the risks posed by LLMs are not new but are evolving: LLMs make cyber threats more efficient and widespread, and as the technology advances these threats are likely to become even more autonomous.

The flaw underlines the need for companies to remain vigilant about their products, apply updates promptly, and adhere to security best practices to safeguard sensitive data.
