Submit #542520: InternLM lmdeploy <=0.7.1 Deserialization

Title: InternLM lmdeploy <=0.7.1 Deserialization
Description:

### 1. Other vulnerability type info

CWE-502: Deserialization of Untrusted Data

### 2. Attack Vectors

1. Malicious File Distribution: An attacker creates a malicious `.pt` file with a custom class containing a `__reduce__` method that embeds arbitrary code. They then distribute this file through untrusted channels, such as phishing emails, compromised websites, or insecure file-sharing platforms. If a user or a system administrator uses the vulnerable `load_weight_ckpt` function to load this file, the malicious code will be executed during deserialization.
2. Supply-Chain Attack: In a more complex scenario, an attacker could target the software supply chain. They might inject a malicious `.pt` file into a third-party library or a pre-trained model distribution. When developers or users attempt to load these seemingly legitimate checkpoints using the `load_weight_ckpt` function, the arbitrary code will be triggered, potentially leading to a full-scale compromise of the system.
3. Man-in-the-Middle (MITM) Attack: In a networked environment, an attacker can perform a MITM attack. They intercept the transfer of legitimate `.pt` files and replace them with malicious ones. When the recipient uses the `load_weight_ckpt` function to load the tampered file, the malicious code is executed, giving the attacker control over the system.

### 3. CVE Description

lmdeploy is a product for LLM deployment and inference operations. In the codebase, the load_weight_ckpt function is utilized to load checkpoint files. When handling non .safetensors files, it employs the torch.load function without setting the weights_only=True parameter. All versions <=0.7.1 affected. If a maliciously crafted .pt file is loaded by the load_weight_ckpt function, the torch.load function will deserialize the untrusted data within it. During this deserialization process, any arbitrary code embedded in the malicious data will be executed. This vulnerability poses significant risks, including but not limited to unauthorized access to the system, leakage of sensitive data, and potential compromise of the entire system.

### 4. More details

https://github.com/InternLM/lmdeploy/issues/3255
User: ybdesire (UID 83239)
Submission: 2025-03-25 10:40 (1 year ago)
Moderation: 2025-04-03 09:06 (9 days later)
Status: Accepted
VulDB entry: 303108 [InternLM LMDeploy up to 0.7.1 PT File utils.py load_weight_ckpt privilege escalation]
Points: 17
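
Added example (not part of the submission and not lmdeploy's code): a static triage check that lists the globals a `.pt` checkpoint's pickle stream would import, without deserializing it, and reports those outside an allowlist. The allowlist, the constructed `ReduceProbe` sample and all helper names are assumptions for illustration; it covers the zip layout and a bare pickle, resolves `STACK_GLOBAL` heuristically, and complements rather than replaces `weights_only=True` or `.safetensors`.

```python
import io
import pickle
import pickletools
import zipfile

# Assumed allowlist for a plain state_dict checkpoint; tune it for your models.
ALLOWED = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2")}
PUTS = ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT")
GETS = ("GET", "BINGET", "LONG_BINGET")

def is_allowed(module, name):
    return (module, name) in ALLOWED or (module == "torch" and name.endswith("Storage"))

def pickle_globals(data):
    """List (module, name) imports in one pickle stream without unpickling it."""
    found, recent, memo, top = [], [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in PUTS:  # remember what the memo slot holds (strings only)
            memo[len(memo) if arg is None else arg] = top
            continue
        if op.name in GETS:
            top = memo.get(arg)
        elif op.name in ("GLOBAL", "INST", "STACK_GLOBAL"):
            # STACK_GLOBAL has no argument: use the two strings pushed before it.
            pair = recent[-2:] if op.name == "STACK_GLOBAL" else arg.split(" ", 1)
            found.append(tuple(pair) if len(pair) == 2 else ("?", "?"))
            top = None
        else:
            top = arg if isinstance(arg, str) else None
        if isinstance(top, str):
            recent.append(top)
    return found

def scan_checkpoint(blob):
    """Return globals outside the allowlist in a .pt blob (zip layout or bare pickle)."""
    streams = [blob]
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    return [g for s in streams for g in pickle_globals(s) if not is_allowed(*g)]

class ReduceProbe:  # constructed sample: its pickle imports builtins.len (harmless)
    def __reduce__(self):
        return (len, ("x",))

def make_pt(obj):  # in-memory zip laid out like torch.save output (archive/data.pkl)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(obj, protocol=4))
    return buf.getvalue()
```

A non-empty result from `scan_checkpoint` means the file asks the unpickler to import something a plain weight checkpoint has no reason to reference, so it should not be passed to `torch.load` without `weights_only=True`.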
