Submit #814645: vllm-project vllm 0.19.0 Denial of Service (info)

Title: vllm-project vllm 0.19.0 Denial of Service
Description: vLLM contains a denial of service vulnerability in its OpenAI-compatible serving path. A remote client can submit a valid completion request using amplification-prone parameters such as n > 1 together with large logprobs, causing severe cross-tenant latency inflation and effective starvation of unrelated co-scheduled requests. The server remains responsive and continues processing the attacker-controlled request, but victim requests may be delayed for seconds to minutes or fail to receive a first token while the crafted request is in flight. This issue affects availability in shared multi-tenant deployments and is caused by insufficient resource isolation and request-cost control. Upstream investigation in vLLM #37343 (https://github.com/vllm-project/vllm/issues/37343) shows this is not just “big requests are expensive,” but a scheduler/engine amplification path with host-side preemption. Even moderate settings such as n=8 and logprobs=20 can cause severe cross-tenant delay (76–423× TTFT regression). In local testing on a single H100 GPU, a request with n=16 and logprobs=20 increased victim TTFT from about 13 ms at baseline to about 18 s. Multiple concurrent requests of this form further worsened the effect, making it possible for an attacker to sustain an effective denial of service against co-scheduled tenants. In vLLM security.md (https://github.com/vllm-project/vllm/blob/799973af4e618190bfeae053517c0f53c9f8be96/docs/usage/security.md?plain=1#L240), vLLM does document that n can be dangerous, and it does enforce implementation-level bounds on both n and logprobs. However, the documentation does not appear to adequately warn that permitted values of n and logprobs can still induce severe cross-tenant denial-of-service behavior in shared deployments.
Source: https://github.com/vllm-project/vllm/issues/37343
User: Zyz3366 (UID 97230)
Submission: 2026-04-28 05:56 (1 month ago)
Moderation: 2026-05-26 07:45 (28 days later)
Status: Accepted
VulDB entry: 365601 [vllm-project vllm 0.19.0 OpenAI-compatible Serving Path denial of service]
Points: 20
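
The description attributes the impact to missing request-cost control and tenant isolation. The sketch below is an added example, not part of this entry or of vLLM's code: a gateway-side admission check that prices a completion request from n, logprobs and max_tokens and enforces a per-tenant in-flight budget. The cost formula, the limits, the default for max_tokens and the `AdmissionController` name are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Assumed limits for illustration only; derive real ones from load tests.
MAX_REQUEST_COST = 16_384      # cap on one request's estimated cost
MAX_TENANT_INFLIGHT = 32_768   # cap on one tenant's summed in-flight cost
DEFAULT_MAX_TOKENS = 16        # assumed default when the client omits it


def estimate_cost(body):
    """Heuristic upper bound: sequences x tokens x (1 + logprobs per token).

    This is an assumed proxy for work, not vLLM's internal cost model.
    """
    n = int(body.get("n") or 1)
    max_tokens = int(body.get("max_tokens") or DEFAULT_MAX_TOKENS)
    logprobs = int(body.get("logprobs") or 0)
    if n < 1 or max_tokens < 1 or logprobs < 0:
        raise ValueError("invalid sampling parameters")
    return n * max_tokens * (1 + logprobs)


@dataclass
class AdmissionController:
    """Tracks estimated in-flight cost per tenant at a gateway (hypothetical)."""
    inflight: dict = field(default_factory=dict)

    def admit(self, tenant, body):
        """Return (admitted, reason, cost_charged)."""
        cost = estimate_cost(body)
        if cost > MAX_REQUEST_COST:
            return False, "per-request cost cap exceeded", 0
        used = self.inflight.get(tenant, 0)
        if used + cost > MAX_TENANT_INFLIGHT:
            return False, "tenant in-flight budget exhausted", 0
        self.inflight[tenant] = used + cost
        return True, "ok", cost

    def release(self, tenant, cost):
        """Call when the request finishes or is aborted."""
        self.inflight[tenant] = max(0, self.inflight.get(tenant, 0) - cost)


if __name__ == "__main__":
    gw = AdmissionController()
    # Constructed request bodies using the parameter values quoted in the report.
    print(gw.admit("tenant-a", {"prompt": "x", "n": 16, "logprobs": 20, "max_tokens": 256}))
    print(gw.admit("tenant-a", {"prompt": "x", "n": 8, "logprobs": 20, "max_tokens": 256}))
    print(gw.admit("tenant-b", {"prompt": "x", "max_tokens": 256}))
```

Charging the budget at admission and releasing it on completion or abort keeps one tenant's concurrent requests from consuming the whole budget while other tenants are still admitted.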