CVE-2024-50050 is a deserialization vulnerability classified under CWE-502 affecting Meta Platforms, Inc's Llama Stack prior to the revision 7a8aa775e5a267cf8660d83140011a0b7f91e005. The root cause is the use of Python's pickle module for serializing data transmitted over sockets. Pickle is inherently unsafe when handling untrusted input because it can instantiate arbitrary objects and execute arbitrary code during deserialization. An attacker with network access and low privileges could send crafted pickle data to the vulnerable Llama Stack instance, triggering remote code execution. This could lead to unauthorized code running with the privileges of the Llama Stack process, potentially compromising confidentiality, integrity, and availability of the system. The vulnerability does not require user interaction but does require network access and low privileges, making it moderately easy to exploit in exposed environments. Meta addressed the issue by replacing pickle serialization with JSON, a safer format that does not allow arbitrary code execution during deserialization. No public exploits or active attacks have been reported yet. The CVSS v3.1 base score is 6.3, reflecting medium severity due to network attack vector, low attack complexity, and partial impact on confidentiality, integrity, and availability.

The vulnerability enables remote code execution on systems running vulnerable versions of Llama Stack, potentially allowing attackers to execute arbitrary commands with the privileges of the Llama Stack process. This can lead to data leakage, unauthorized data modification, service disruption, or full system compromise depending on the deployment context. Organizations using Llama Stack in production, especially in AI or ML workloads, risk exposure of sensitive data and operational disruption. Since the attack requires network access but no user interaction, exposed services or internal networks with insufficient segmentation are at risk. The medium severity score reflects that while the vulnerability is serious, exploitation requires some level of access and privileges, limiting its impact compared to more critical remote code execution flaws. However, if exploited, the consequences could be severe, including loss of data integrity and availability, and potential lateral movement within networks.

Organizations should immediately update Llama Stack to the fixed revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 or later, which replaces pickle serialization with JSON for socket communication. If immediate patching is not possible, restrict network access to Llama Stack services to trusted hosts only and implement strict firewall rules and network segmentation to minimize exposure. Conduct code audits to ensure no other components use unsafe deserialization methods like pickle with untrusted data. Employ runtime application self-protection (RASP) or endpoint detection and response (EDR) tools to monitor for suspicious deserialization activity. Additionally, enforce the principle of least privilege for the Llama Stack process to limit the impact of potential exploitation. Regularly review and update dependency and serialization practices to avoid similar vulnerabilities in the future.