llama.cpp · CVE-2026-34159
**Name of the Vulnerable Software and Affected Versions**
llama.cpp versions prior to b8492
**Description**
A logic bug in the RPC backend's `deserialize_tensor()` function allows an unauthenticated attacker to read and write arbitrary process memory. This occurs because bounds validation is skipped when a tensor's `buffer` field is set to 0. By sending crafted `GRAPH_COMPUTE` messages and using pointer leaks from `ALLOC_BUFFER` and `BUFFER_GET_BASE`, an attacker can achieve a full ASLR (Address Space Layout Randomization) bypass and remote code execution. The attack requires only TCP access to the RPC server port and no authentication.
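The validation gap described above, modelled as an added example that is not llama.cpp's own code: the struct layout, function names and sample values are assumptions made for illustration. The strict variant shows one way to close the gap and is not necessarily the upstream fix.

```cpp
#include <cstdint>
#include <vector>

// Hypothetical, simplified wire format; field names are assumptions.
struct WireTensor {
    uint64_t buffer;  // handle of the server-side buffer, 0 = none
    uint64_t data;    // address the peer claims the tensor data lives at
    uint64_t size;    // number of bytes the tensor covers
};

struct Buffer { uint64_t handle, base, size; };

// True when [data, data + size) lies inside buf, with no integer wrap-around.
static bool in_bounds(const Buffer &buf, const WireTensor &t) {
    if (t.data < buf.base) return false;
    uint64_t off = t.data - buf.base;
    return off <= buf.size && t.size <= buf.size - off;
}

static const Buffer *find_buffer(const std::vector<Buffer> &known, uint64_t handle) {
    for (const Buffer &b : known)
        if (b.handle == handle) return &b;
    return nullptr;
}

// Flawed pattern from the description: the range check only runs when
// buffer != 0, so a tensor with buffer == 0 keeps the peer-supplied pointer.
bool accept_flawed(const std::vector<Buffer> &known, const WireTensor &t) {
    if (t.buffer != 0) {
        const Buffer *b = find_buffer(known, t.buffer);
        return b != nullptr && in_bounds(*b, t);
    }
    return true;  // validation skipped
}

// Hardened pattern: a tensor without a buffer may not carry a data pointer.
bool accept_strict(const std::vector<Buffer> &known, const WireTensor &t) {
    if (t.buffer == 0) return t.data == 0;
    const Buffer *b = find_buffer(known, t.buffer);
    return b != nullptr && in_bounds(*b, t);
}

// Constructed sample: one 4 KiB buffer, and a tensor with no buffer but a data address.
static const std::vector<Buffer> kKnown = {Buffer{1, 0x10000, 0x1000}};
static const WireTensor kNoBuffer = {0, 0xdead0000ULL, 64};
```

Calling both functions on `kNoBuffer` shows the difference: the flawed check accepts it, the strict check rejects it.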
**Recommendations**
Update to version b8492.