AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket with no authentication, HMAC, or format validation. Attackers who can reach the writer XPUB endpoint on the cluster network or supply a forged Handle with an attacker-controlled remote_subscribe_addr can deliver a crafted pickle payload that executes arbitrary code simultaneously as the inference worker process on every remote reader worker.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XAmd Aiter
APPAmd≤ 0.1.14
Related vulnerabilities
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially ...
Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain R...
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation ...
Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compro...
Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SM...