CVSS 8.5 HIGH
The severity is rated HIGH because an unsecured build or optimization step can lead to remote code execution on the affected Android devices. The vulnerability could be exploited in real-world deployments where users have built the library from source rather than installing an official distribution.

This advisory describes a vulnerability in the LocalLLaMA image generation library as deployed on mid-tier Android phones. The weakness is exposed through unsecured code optimizations and source builds: users who manually built or optimized the base library are at risk of remote code execution.

Affected Systems
  • LocalLLaMA image generation library
Affected Versions: all versions prior to the introduction of automatic patching. The advisory names no specific version boundary, so treat any manually built or optimized copy as affected.
Remediation
  • Remove any manually optimized or source-built copies of LocalLLaMA and revert to the official distribution.
  • Apply the latest security patches published by the LocalLLaMA developers.
  • Obtain all future updates from verified sources only, and check each downloaded artifact against the publisher's integrity data before installing it.
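The last two steps come down to one check: accept an update only if the artifact you downloaded matches what the publisher actually released. The following is an added example of that check, written here for this page; it is not code from the LocalLLaMA project or from the advisory. It assumes the publisher ships a sha256sum-style manifest ("<hex digest>  <filename>" per line); the artifact name "library-1.2.3.aar", the manifest contents and the byte strings are constructed for illustration. A locally rebuilt or "optimized" copy will not match the published digest and is rejected, as is any file the manifest does not list at all.

```python
# Added example (not LocalLLaMA project code): verify a downloaded library
# artifact against a publisher's SHA-256 manifest before installing it.
# Assumed manifest layout: sha256sum(1) style, "<64 hex chars>  <filename>".
# Artifact names, digests and byte strings below are constructed samples.
import hashlib
import hmac
import os
import re
from typing import Dict

# One manifest line: 64 hex digits, whitespace, optional "*" (binary mode
# marker written by some sha256sum builds), then the file name.
_MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(\S.*)$")


def parse_manifest(manifest_text: str) -> Dict[str, str]:
    """Parse a sha256sum-style manifest into {filename: lowercase hex digest}.

    Blank lines, comments and malformed lines (e.g. a truncated digest) are
    skipped rather than trusted; a malformed entry must never verify anything.
    """
    entries: Dict[str, str] = {}
    for raw in manifest_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _MANIFEST_LINE.match(line)
        if match is None:
            continue
        digest, name = match.group(1).lower(), match.group(2).strip()
        entries[name] = digest
    return entries


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an in-memory artifact."""
    return hashlib.sha256(data).hexdigest()


def verify_artifact(name: str, data: bytes, manifest_text: str) -> bool:
    """Return True only if `data` hashes to the digest the manifest lists for `name`.

    Fails closed: an artifact absent from the manifest is rejected exactly like
    a tampered one. hmac.compare_digest keeps the comparison constant-time.
    """
    expected = parse_manifest(manifest_text).get(name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)


def verify_artifact_file(path: str, manifest_text: str) -> bool:
    """Same check for a file on disk, hashed in chunks so a large archive
    does not have to be read into memory at once."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return False
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), expected)


# Constructed sample data: the bytes of an "official" release and the manifest
# its publisher would ship alongside it (hypothetical artifact name).
OFFICIAL_ARTIFACT = b"official release bytes\n"
SAMPLE_MANIFEST = (
    "# SHA256SUMS for release 1.2.3 (constructed example)\n"
    f"{sha256_hex(OFFICIAL_ARTIFACT)}  library-1.2.3.aar\n"
)
# A locally rebuilt / manually "optimized" copy that differs from the release.
CUSTOM_BUILD = b"locally optimized build bytes\n"

if __name__ == "__main__":
    print("official artifact verifies:",
          verify_artifact("library-1.2.3.aar", OFFICIAL_ARTIFACT, SAMPLE_MANIFEST))
    print("custom build verifies:",
          verify_artifact("library-1.2.3.aar", CUSTOM_BUILD, SAMPLE_MANIFEST))
```

A digest check only proves the file matches the manifest; it is worth nothing if the manifest was fetched over the same untrusted channel as the artifact. Obtain the manifest (or a signature over it) from the publisher's verified channel, and keep the rejected path strict: a missing manifest entry is a failure, not a warning.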
Stack Impact

Mid-tier Android phones running custom-built versions of LocalLLaMA are affected. No other services or components (nginx, Docker, etc.) are directly affected unless they interact with the vulnerable code on those devices.
