Code Execution, Data Tampering Flaw in Nvidia NeMo Gen-AI Framework


Artificial intelligence tech giant Nvidia has flagged a major security flaw in its NeMo generative-AI framework, warning that malicious hackers can execute code and tamper with data on systems utilizing the platform. 

“NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering,” the company said in an advisory.

Nvidia tagged the issue as CVE-2024-0129 with a CVSS severity score of 6.3/10. The issue affects the framework on Windows, Linux and macOS systems.

The company released a patch on the NeMo GitHub repository and urged users to upgrade all instances to version r2.0.0rc0 or later.

Nvidia NeMo is used to streamline the development of custom generative AI, including large language models (LLMs) and multimodal, vision, and speech AI.

It provides tooling for enterprises looking to build tailored gen-AI products with features for fine-tuning, model training, and inference on platforms ranging from data centers to edge devices. 

The NeMo framework helps developers to efficiently create, customize, and deploy new generative AI models by leveraging existing code and pre-trained model checkpoints.
