Medium

server

Out-of-Bounds Write in Shared Memory Operation Interface

This vulnerability involves an out-of-bounds write in the Triton Inference Server's shared memory operation interface, specifically affecting version r23.04 and patched in version 24.04. The flaw arises from insufficient validation of offset and size parameters in shared memory operations, enabling attackers to perform unauthorized memory read and write operations.

Available publicly on May 18 2024

5.5

CVSS:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H

Credit:

kirualawliet
Remediation Steps
  • Update to Triton Inference Server version 24.04 or later.
  • Validate all input parameters, especially offsets and sizes, before processing shared memory operations.
  • Implement additional security checks around shared memory operations to detect and prevent exploitation attempts.
  • Regularly audit and monitor server logs for unusual activities that may indicate attempted exploits.
Patch Details
  • Fixed Version: 24.04
  • Patch Commit: https://github.com/triton-inference-server/server/commit/bf430f8589c82c57cc28e64be456c63a65ce7664
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.