Horizon Alert
Summary of the vulnerability and why it matters
A critical vulnerability has been identified in LightLLM's prefill-decode disaggregation mode, allowing unauthenticated attackers to execute arbitrary code remotely. This issue arises from the direct use of unvalidated, untrusted data in a critical function, posing a significant risk if these specific nodes are accessible from the network. The main concern is to determine if our environment utilizes this mode and if those master nodes are exposed to potential attackers.
- Unauthenticated code execution risk in specific mode.
- Affects model disaggregation and data processing.
- Confirm relevance and potential exposure.
Attack Path
How an attacker could exploit the issue
An attacker can exploit this vulnerability by sending specially crafted binary data over WebSocket to the PD master node. This node handles disaggregated model components and is reachable remotely. The vulnerability lies in its direct use of `pickle.loads()` on incoming data without proper checks, allowing an attacker to execute arbitrary code on the system.
- Entry condition: Attacker can reach PD master node.
- Trigger point: Send crafted binary frames to WebSocket.
- Resulting risk: Arbitrary code execution.
Live Threat
Current exploitation, exposure, and threat context
When supported by the advisory, this vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the PD master node by sending a crafted payload over WebSocket. This could impact the availability and integrity of the service.
- System code execution.
- Unauthenticated network access.
- Service disruption and compromise.
Operational Fix
Recommended remediation, mitigation, and detection steps
This vulnerability resides within the PD master node of LightLLM, which handles model disaggregation. In typical deployments, these nodes operate within internal infrastructure or clusters. The first practical step is to determine if these PD master nodes are reachable externally or accessible from untrusted internal segments, and to identify the owning team responsible for the LightLLM deployment and its associated infrastructure.
- Identify owning team for LightLLM deployment.
- Verify reachability of PD master nodes.
- Plan remediation based on confirmed risk.