CVE-2024-12044

9.8 CRITICAL

📋 TL;DR

This critical vulnerability allows remote code execution in open-mmlab/mmdetection v3.3.0 through unsafe deserialization in distributed training. Attackers can execute arbitrary code by sending malicious payloads to the distributed training network. Users running distributed training with mmdetection v3.3.0 are affected.

💻 Affected Systems

Products:
  • open-mmlab/mmdetection
Versions: v3.3.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects users utilizing distributed training with the vulnerable all_reduce_dict() API.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of all nodes in distributed training cluster, data exfiltration, ransomware deployment, or use as botnet nodes.

🟠 Likely Case: Unauthorized code execution on training nodes leading to model theft, data corruption, or credential harvesting.

🟢 If Mitigated: Limited impact if network segmentation isolates training clusters and proper input validation is implemented.

🌐 Internet-Facing: HIGH - Distributed training often involves network communication that could be exposed or reachable.
🏢 Internal Only: HIGH - Even internal training clusters are vulnerable to insider threats or lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to distributed training communication channels. The vulnerability is in a public bounty program with disclosed details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.3.1 or later

Vendor Advisory: https://github.com/open-mmlab/mmdetection/security/advisories

Restart Required: Yes

Instructions:

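1. Update mmdetection to v3.3.1 or later using pip: pip install "mmdet>=3.3.1" (mmdet is the package's name on PyPI; quote the requirement so the shell does not treat >= as an output redirect)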
2. Restart all distributed training processes
3. Verify the pickle.loads() call has been removed from all_reduce_dict()

🔧 Temporary Workarounds

Network Segmentation (Platform: all)

Isolate the distributed training network from untrusted networks

Disable Distributed Training (Platform: linux)

Temporarily disable distributed training features if not required

Set environment variable: export NCCL_DEBUG=INFO (this only enables verbose NCCL logging and does not by itself disable distributed training)
Use single-node training only

🧯 If You Can't Patch

  • Implement strict network ACLs to allow only trusted nodes in distributed training cluster
  • Monitor network traffic for unusual pickle payloads or unexpected serialized objects

🔍 How to Verify

Check if Vulnerable:

Check whether mmdetection v3.3.0 is installed, then inspect the all_reduce_dict() function in mmdet/engine/runner/loops.py for a pickle.loads() call

Check Version:

python -c "import mmdet; print(mmdet.__version__)"

Verify Fix Applied:

Verify mmdetection version >=3.3.1 and confirm pickle.loads() is removed from the vulnerable function
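
One way to automate the source inspection described above, as an added example (not code from mmdetection or from this advisory): it parses a Python file with ast and reports pickle deserialization calls inside a function named all_reduce_dict. The helper names and the sample source are constructed for illustration; the file path in the usage comment is the one this page names.

```python
import ast
import sys

UNSAFE = {"load", "loads", "Unpickler"}  # pickle entry points that deserialize

def pickle_aliases(tree):
    """Names bound to the pickle module, and names bound to its unsafe callables."""
    modules, funcs = set(), set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules |= {a.asname or a.name for a in node.names if a.name == "pickle"}
        elif isinstance(node, ast.ImportFrom) and node.module == "pickle":
            funcs |= {a.asname or a.name for a in node.names if a.name in UNSAFE}
    return modules, funcs

def find_unsafe_pickle(source, func_name="all_reduce_dict"):
    """Return sorted (lineno, callee) pairs for pickle deserialization in func_name."""
    tree = ast.parse(source)
    modules, funcs = pickle_aliases(tree)
    hits = set()
    for fn in ast.walk(tree):
        if not (isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)) and fn.name == func_name):
            continue
        for call in (n for n in ast.walk(fn) if isinstance(n, ast.Call)):
            f = call.func
            if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                    and f.value.id in modules and f.attr in UNSAFE):
                hits.add((call.lineno, f"{f.value.id}.{f.attr}"))
            elif isinstance(f, ast.Name) and f.id in funcs:
                hits.add((call.lineno, f.id))
    return sorted(hits)

# Constructed sample resembling the pattern the advisory describes (not the project's code).
VULNERABLE_SAMPLE = '''\
import pickle as pkl

def all_reduce_dict(py_dict, op="sum"):
    buf = receive_bytes()
    return pkl.loads(buf)

def unrelated(obj):
    return pkl.dumps(obj)
'''

if __name__ == "__main__":
    # Usage: python check_pickle.py <site-packages>/mmdet/engine/runner/loops.py
    # With no argument, the constructed sample above is scanned instead.
    src = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else VULNERABLE_SAMPLE
    for lineno, callee in find_unsafe_pickle(src):
        print(f"line {lineno}: {callee}() inside all_reduce_dict()")
```

An empty result only shows that the named function makes no direct pickle call; helpers it calls need the same check.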

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process spawns from training nodes
  • Errors in distributed training communication
  • Unusual network connections from training nodes

Network Indicators:

  • Pickle serialized objects in training network traffic
  • Unexpected broadcast messages in training cluster

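SIEM Query (generic pseudo-syntax; map the field names and the training_ports placeholder to your platform):

(process:spawn AND parent_process:mmdetection) OR (network:pickle AND dest_port:training_ports)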
