llama.cpp Security Update Advisory (CVE-2024-42479)

Sep 24 2024

Overview

An update has been released to address vulnerabilities in llama.cpp. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-42479

llama.cpp versions: ~ b3561 (excluded)

Resolved Vulnerabilities

Insecure `data` pointer member in `rpc_tensor` structure could cause arbitrary address writes (CVE-2024-42479)

Vulnerability Patches

The following product-specific Vulnerability Patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-42479

llama.cpp version: b3561

References

[1] CVE-2024-42479 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-42479

[2] Write-what-where in rpc_server::set_tensor

https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-wcr5-566p-9cwj

llama.cpp Security Update Advisory (CVE-2024-42479)

Acronis Product Security Update Advisory (CVE-2024-8767)

Intel Product Security Update Advisory

Tags:

Acronis Product Security Update Advisory (CVE-2024-8767)

Intel Product Security Update Advisory