| Title | InternLM lmdeploy <=0.7.1 Deserialization |
|---|
| Description | ### 1. Other vulnerability type info
CWE-502: Deserialization of Untrusted Data
### 2. Attack Vectors
1. Malicious File Distribution: An attacker creates a malicious `.pt` file with a custom class containing a `__reduce__` method that embeds arbitrary code. They then distribute this file through untrusted channels, such as phishing emails, compromised websites, or insecure file-sharing platforms. If a user or a system administrator uses the vulnerable `load_weight_ckpt` function to load this file, the malicious code will be executed during deserialization.
2. Supply-Chain Attack: In a more complex scenario, an attacker could target the software supply chain. They might inject a malicious `.pt` file into a third-party library or a pre-trained model distribution. When developers or users attempt to load these seemingly legitimate checkpoints using the `load_weight_ckpt` function, the arbitrary code will be triggered, potentially leading to a full-scale compromise of the system.
3. Man-in-the-Middle (MITM) Attack: In a networked environment, an attacker can perform a MITM attack. They intercept the transfer of legitimate `.pt` files and replace them with malicious ones. When the recipient uses the `load_weight_ckpt` function to load the tampered file, the malicious code is executed, giving the attacker control over the system.
### 3. CVE Description
lmdeploy is a product for LLM deployment and inference operations. In the codebase, the `load_weight_ckpt` function is used to load checkpoint files. When handling non-`.safetensors` files, it calls `torch.load` without setting the `weights_only=True` parameter. All versions <=0.7.1 are affected.
If a maliciously crafted `.pt` file is loaded by the `load_weight_ckpt` function, `torch.load` will deserialize the untrusted data within it. During this deserialization process, any arbitrary code embedded in the malicious data will be executed. This vulnerability poses significant risks, including but not limited to unauthorized access to the system, leakage of sensitive data, and potential compromise of the entire system.
### 4. More details
https://github.com/InternLM/lmdeploy/issues/3255
|
|---|
| User | ybdesire (UID 83239) |
|---|
| Submission | 2025-03-25 10:40 (1 year ago) |
|---|
| Moderation | 2025-04-03 09:06 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 303108 [InternLM LMDeploy up to 0.7.1 PT File utils.py load_weight_ckpt privilege escalation] |
|---|
| Points | 17 |
|---|
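
As an added example (not from the original submission or from lmdeploy's code), a pre-load check for the issue described above: it walks a checkpoint's pickle opcodes with the standard-library `pickletools` and reports every global the stream would import that is not on an allowlist, without deserializing anything. It goes slightly beyond the report by accepting both zip-layout and raw pickle input; the allowlist entries, the `archive/data.pkl` member name and the sample checkpoint builder are assumptions constructed for illustration.

```python
import collections
import io
import pickle
import pickletools
import zipfile

# Illustrative allowlist (assumption): globals a plain tensor state_dict needs.
ALLOWED = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2"),
           ("torch", "FloatStorage"), ("torch", "HalfStorage")}
STRINGS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
GETS = {"BINGET", "LONG_BINGET", "GET"}
NO_PUSH = {"MEMOIZE", "BINPUT", "LONG_BINPUT", "PUT", "FRAME"}

def pickle_globals(data):
    """List the (module, name) imports in a pickle stream without unpickling it."""
    found, memo, recent = set(), {}, []  # recent: pushed strings, None otherwise
    for op, arg, _pos in pickletools.genops(data):
        value = None
        if op.name in STRINGS:
            value = arg
        elif op.name in GETS:
            value = memo.get(arg)  # string recalled from the memo, if known
        elif op.name in ("GLOBAL", "INST"):
            found.add(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":  # operands: the two values just pushed
            pair = tuple(recent[-2:])
            found.add(pair if len(pair) == 2 and all(pair) else ("?", "?"))
        elif op.name in NO_PUSH:  # memo stores and frame markers push nothing
            if op.name != "FRAME":
                memo[len(memo) if arg is None else arg] = recent[-1] if recent else None
            continue
        recent.append(value)
    return found

def scan_checkpoint(blob):
    """Return the non-allowlisted globals referenced by a checkpoint's pickle data."""
    if zipfile.is_zipfile(io.BytesIO(blob)):  # zip layout: pickle in */data.pkl
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    else:
        streams = [blob]  # otherwise treat the input as one raw pickle stream
    return set().union(*(pickle_globals(s) for s in streams)) - ALLOWED

def sample_checkpoint(**extra):
    """Constructed sample in the zip layout (pickle in archive/data.pkl)."""
    state = collections.OrderedDict(weight=[0.0, 1.0], **extra)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(state))
    return buf.getvalue()
```

A non-empty result means the file should not reach `torch.load`; the check complements loading with `weights_only=True` and does not replace it.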