AI Learning Software: Critical vulnerability in Nvidia’s Flare SDK
Nvidia’s machine learning SDK NVFlare contains a critical security vulnerability. Remote attackers could inject and execute malicious code.
In Nvidia’s NVFlare SDK, unauthenticated attackers on the network could exploit a critical vulnerability to inject and execute malicious code, take vulnerable systems down, or compromise their confidentiality and integrity. The cause is the insecure use of Python’s pickle module for serializing and deserializing data in the DXO (data exchange object) module.
The NVFlare SDK is a software development kit that allows other vendors to build and offer an artificial intelligence training environment. The users that Nvidia lists for the open source project include Microsoft Azure and US companies from the healthcare sector.
Unsafe component
The problem stems from the developers using the pickle module in the SDK to transfer object data. The module’s own documentation states plainly that it is not secure and that only data from a trusted source should be unpickled: a pickle stream can be crafted so that arbitrary code runs the moment it is unpickled. This is exactly the hole the module opened in NVFlare (CVE-2022-34668, CVSS 9.8, risk “critical”).
The vulnerability affects all NVFlare versions prior to the current 2.1.4. In the new version, the SDK developers removed pickle and replaced it with MessagePack. This has side effects, because not all object types that pickle handled can be serialized with MessagePack. The developers have made the necessary adjustments for internal objects, and their security advisory points to further documentation that explains how custom objects have to be serialized now.
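The two paragraphs above describe the mechanism (pickle executes a callable named inside the stream) and the fix (a data-only wire format). The following is an added example written for this article; it is not NVFlare project code. The `DXO` class is a constructed stand-in for a data exchange object, the `MaliciousDXO` payload creates a marker directory instead of running a shell so the effect is observable offline, and JSON is used as a stdlib stand-in for MessagePack because both are data-only formats that cannot name a callable. A `RestrictedUnpickler` is shown as the stdlib alternative for code that cannot yet leave pickle behind.

```python
import io
import json
import os
import pickle
import tempfile


class DXO:
    """Constructed stand-in for a data exchange object.
    Not the real nvflare.apis.dxo.DXO; assumed shape for this example."""

    def __init__(self, data_kind, data):
        self.data_kind = data_kind
        self.data = data

    def __eq__(self, other):
        return (isinstance(other, DXO)
                and (self.data_kind, self.data) == (other.data_kind, other.data))


class MaliciousDXO:
    """What an attacker sends instead of a DXO. A pickle stream carries no
    code, but __reduce__ lets an object say "rebuild me by calling f(*args)"
    and pickle.load() obediently calls f. Here f is os.makedirs so the effect
    is visible without a shell; a real payload would use os.system/subprocess."""

    def __init__(self, marker_dir):
        self.marker_dir = marker_dir

    def __reduce__(self):
        return (os.makedirs, (self.marker_dir,))


def build_exploit_blob(marker_dir):
    return pickle.dumps(MaliciousDXO(marker_dir))


def build_dxo_blob(dxo):
    # Default protocol (>= 4): only the DXO class itself is referenced as a global.
    return pickle.dumps(dxo)


def fresh_marker_path():
    # Parent dir exists, the 'pwned' child does not until the payload runs.
    return os.path.join(tempfile.mkdtemp(), "pwned")


def attacker_code_ran(marker_dir):
    return os.path.isdir(marker_dir)


def deserialize_unsafe(blob):
    """The pre-2.1.4 pattern: unpickle bytes that arrived from the network."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global reference except the classes we expect.
    os.makedirs, os.system, builtins.eval and friends are all resolved
    through find_class, so denying them here defeats the __reduce__ trick."""

    ALLOWED = {(DXO.__module__, "DXO")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def deserialize_restricted(blob):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def restricted_rejects(blob):
    try:
        deserialize_restricted(blob)
        return False
    except pickle.UnpicklingError:
        return True


def serialize_data_only(dxo):
    """Data-only encoding (JSON standing in for MessagePack). The format can
    express values but never a callable, so the receiver can only get data.
    Raises TypeError for objects the format cannot represent, which is the
    side effect the article mentions: sets, arbitrary classes, etc. need
    explicit conversion."""
    return json.dumps({"data_kind": dxo.data_kind, "data": dxo.data}).encode()


def deserialize_data_only(blob):
    doc = json.loads(blob)
    if not isinstance(doc, dict) or set(doc) != {"data_kind", "data"}:
        raise ValueError("unexpected DXO shape")
    if not isinstance(doc["data_kind"], str):
        raise ValueError("data_kind must be a string")
    return DXO(doc["data_kind"], doc["data"])


def can_serialize_data_only(dxo):
    try:
        serialize_data_only(dxo)
        return True
    except TypeError:
        return False


if __name__ == "__main__":
    marker = fresh_marker_path()
    deserialize_unsafe(build_exploit_blob(marker))
    print("unsafe loader ran attacker code:", attacker_code_ran(marker))
    print("restricted loader refused payload:", restricted_rejects(build_exploit_blob(marker)))
    good = DXO("WEIGHTS", {"layer1": [0.1, 0.2]})
    print("restricted loader still loads a real DXO:", deserialize_restricted(build_dxo_blob(good)) == good)
    print("data-only round trip:", deserialize_data_only(serialize_data_only(good)) == good)
    print("set payload representable in data-only format:", can_serialize_data_only(DXO("X", {1, 2})))
```

Running the file prints that the unsafe loader created the marker directory while the restricted loader and the data-only path did not; the last line shows the migration cost the advisory warns about, since a `set` round-trips through pickle but not through a data-only format. The allowlist approach is a stopgap: it must name every legitimate class and is only as safe as the `__setstate__`/`__init__` logic of the classes it admits, which is why replacing pickle on the wire, as NVFlare did, is the stronger fix.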
Developers using the NVFlare SDK should migrate to the latest version as soon as possible. Cloud services such as Microsoft’s Azure in particular could quickly become targets through such a gap.
Security gaps in SDKs often have far-reaching consequences. In the Internet of Things (IoT) environment in particular, devices frequently cannot be updated at all, or only with great difficulty. Millions of IoT devices such as baby monitors or IP cameras can be eavesdropped on by unauthorized persons because of such SDK vulnerabilities.