- Security researchers find way to abuse Meta’s Llama LLM for remote code execution
- Meta addressed the problem in early October 2024
- The problem was using pickle as a serialization format for socket communication
Meta’s Llama Large Language Model (LLM) had a vulnerability which could have allowed threat actors to execute arbitrary code on the flawed server, experts have warned.
Cybersecurity researchers from Oligo Security published an in-depth analysis about a bug tracked as CVE-2024-50050, which according to the National Vulnerability Database (NVD), carries a severity score of 6.3 (medium).
The bug was discovered in a component called Llama Stack, designed to optimize the deployment, scaling, and integration of large language models.
Oligo described the affected version as “vulnerable to deserialization of untrusted data, meaning that an attacker can execute arbitrary code by sending malicious data that is deserialized.”
NVD describes the flaw like this: “Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution”.
“Socket communication has been changed to use JSON instead,” it added.
The researchers tipped Meta off about the bug on September 24, and the company addressed it on October 10, by pushing versions 0.0.41. The Hacker News notes the flaw has also been remediated in pyzmq, a Python library that provides access to the ZeroMQ messaging library.
Together with the patch, Meta released a security advisory in which it told the community it had fixed a remote code execution risk associated with using pickle as a serialization format for socket communication. The solution was to switch to the JSON format.
LLaMA, or Large Language Model Meta AI is a series of large language models developed by social media giant, Meta. These models are designed for natural language processing (NLP) tasks, such as text generation, summarization, translation, and more.
