ExecuTorch Out-of-Bounds Access Vulnerability Leading to Runtime Crash and Potential Code Execution

Vulnerability

A vulnerability allowing out-of-bounds access has been identified in ExecuTorch model loading, affecting versions prior to commit fb03b6f85596a8f954d97929075335255b6a58d4. This vulnerability can cause the runtime to crash and may lead to code execution or other undesirable effects.

Impact

Exploitation of this vulnerability can cause a runtime crash, with the potential for code execution or other negative effects.

Reproduction

The vulnerability can be reproduced by loading a model into ExecuTorch that has been crafted to exploit the out-of-bounds access issue. This can be done by creating a model that includes improper tensor handling, such as exceeding the expected number of arguments or manipulating tensor sizes in a way that the model loader does not properly validate. Once the model is loaded, the out-of-bounds access will occur, causing a crash and potentially allowing for code execution.

Remediation

Users should update to the version of ExecuTorch that includes the commit fb03b6f85596a8f954d97929075335255b6a58d4, which addresses this vulnerability.

Added: Aug 7, 2025, 11:18 PM
Updated: Aug 7, 2025, 11:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.4
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.