Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vLLM’s Chunk-Based Prefix Caching Vulnerable to Potential Timing Side-Channel
Vulnerability Description
vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
通过时间差异性导致的信息暴露
Vulnerability Title
vLLM 安全漏洞
Vulnerability Description
vLLM是vLLM开源的一个适用于 LLM 的高吞吐量和内存高效推理和服务引擎。 vLLM 0.9.0之前版本存在安全漏洞,该漏洞源于PageAttention机制中的时间差异可能被利用。
CVSS Information
N/A
Vulnerability Type
N/A