OpenVINO Unsafe NumPy Deserialization PoC - DESER-VULN-01
Vulnerability
Unsafe np.load(allow_pickle=True) call in the CPU plugin developer tool at src/plugins/intel_cpu/tools/dump_check/dump_check.py:69.
NumPy has defaulted to allow_pickle=False since v1.16.3 (2019) precisely to prevent deserialization attacks; this code explicitly overrides that safe default.
PoC
poc_numpy_deser.py creates a crafted .npy file containing a pickle payload. When dump_check.py loads that file, arbitrary code executes.
Reproduction
python poc_numpy_deser.py
# Creates malicious_dump.npy
# Simulate dump_check.py:
python -c "import numpy as np; np.load('malicious_dump.npy', allow_pickle=True)"
cat /tmp/openvino-deser-proof.txt
# Shows: uid=... output from injected command
Impact
Arbitrary code execution when developers load untrusted dump files for debugging.
CWE
CWE-502 (Deserialization of Untrusted Data)
CVSS
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (score 7.8)
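As an added, defender-side check that is not part of this PoC or of OpenVINO's code: a pure-Python pre-scan of a .npy header that reports whether np.load() would need pickle at all, so a debugging tool can reject such a dump up front and then call np.load() with the default allow_pickle=False (which raises ValueError on object arrays instead of unpickling them). The function names, the header builder and the sample blobs are assumptions constructed for illustration.

```python
import ast
import struct

NPY_MAGIC = b"\x93NUMPY"

def parse_npy_header(data: bytes) -> dict:
    """Parse the .npy header (format 1.0/2.0/3.0) using neither numpy nor pickle.
    Only the header is inspected and the array payload is never deserialized,
    so this is safe to run on an untrusted dump before any np.load() call."""
    if not data.startswith(NPY_MAGIC):
        raise ValueError("not a .npy file (bad magic)")
    major, minor = data[6], data[7]
    if major == 1:                  # v1.0: uint16 little-endian header length
        (hlen,), start = struct.unpack("<H", data[8:10]), 10
    elif major in (2, 3):           # v2.0/v3.0: uint32 little-endian header length
        (hlen,), start = struct.unpack("<I", data[8:12]), 12
    else:
        raise ValueError(f"unsupported .npy version {major}.{minor}")
    header = ast.literal_eval(data[start:start + hlen].decode("utf-8"))
    if not isinstance(header, dict) or "descr" not in header:
        raise ValueError("malformed .npy header")
    return header

def descr_has_object(descr) -> bool:
    """True if the dtype description contains an object ('O') field anywhere.
    Object arrays are the only .npy content that requires allow_pickle=True;
    a purely numeric dump never has one, so 'O' in a dump is a red flag."""
    if isinstance(descr, str):
        return descr.lstrip("<>|=").startswith("O")
    # Structured dtype: a list of (name, descr) or (name, descr, shape) tuples.
    return any(descr_has_object(field[1]) for field in descr)

def needs_pickle(data: bytes) -> bool:
    """Verdict for raw .npy bytes: True means np.load() would have to unpickle."""
    return descr_has_object(parse_npy_header(data)["descr"])

def make_npy_header(descr, shape=(2,)) -> bytes:
    """Build a version-1.0 .npy header; used only to construct the samples below."""
    body = f"{{'descr': {descr!r}, 'fortran_order': False, 'shape': {shape!r}, }}"
    pad = (-(10 + len(body) + 1)) % 64    # magic+version+length+header is a multiple of 64
    text = body + " " * pad + "\n"
    return NPY_MAGIC + bytes([1, 0]) + struct.pack("<H", len(text)) + text.encode("latin1")

# Constructed samples: a benign float32 dump with payload, and an object-dtype header.
SAMPLE_NUMERIC = make_npy_header("<f4") + struct.pack("<2f", 1.0, 2.0)
SAMPLE_OBJECT = make_npy_header("|O")
```

Since numeric dumps never carry an object dtype, the mitigation consistent with this advisory is to drop allow_pickle=True and let np.load() fail closed; this pre-scan only turns that failure into an explicit rejection with a clear message before np.load() is reached.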