The_Kernel_Panic

**Name of the Vulnerable Software and Affected Versions** Hugging Face Transformers Perceiver Model (affected versions not specified) **Description** A flaw exists in the parsing of model files within Hugging Face Transformers Perceiver Model, stemming from insufficient validation of user-supplied data. This can lead to the deserialization of untrusted data, potentially allowing a remote attacker to execute code in the context of the current user. User interaction is required, as the target must visit a malicious page or open a malicious file to trigger the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hugging Face Transformers (affected versions not specified) **Description** A flaw exists in Hugging Face Transformers due to insufficient validation of user-supplied data during the parsing of model files. This can lead to the deserialization of untrusted data, potentially allowing a remote attacker to execute arbitrary code in the context of the current user. User interaction is required, such as visiting a malicious page or opening a malicious file, to trigger exploitation. This issue was identified as ZDI-CAN-25424. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hugging Face Transformers MobileViTV2 (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of configuration files due to the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this to execute code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hugging Face Transformers MaskFormer Model (affected versions not specified) **Description** This issue involves the deserialization of untrusted data within the Hugging Face Transformers MaskFormer Model, potentially leading to remote code execution. Successful exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. The root cause is insufficient validation of user-supplied data during the parsing of model files, which allows for the deserialization of untrusted data. An attacker can exploit this to execute code within the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hugging Face Transformers (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of model files, resulting from the lack of proper validation of user-supplied data, which can lead to deserialization of untrusted data. An attacker can leverage this issue to execute code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.