VU#518910: Ollama GGUF Quantization Remote Memory Leak
Ollama's model quantization engine has a critical heap memory vulnerability. An attacker can exploit this by uploading a malicious GGUF file. This crafted file triggers an out-of-bounds read in the quantization process. The vulnerability stems from a lack of bounds checking on tensor metadata from the GGUF file. Go's unsafe.Slice is then used to create memory slices exceeding valid data buffers. This allows attackers to access unintended heap memory. The leaked data is inadvertently written into a new model layer. Ollama's registry API can then be used to exfiltrate this sensitive heap data. This can lead to unauthorized access, data exposure, and potential system compromise. A patch is not yet available, but restricting model upload access is a recommended interim solution.