vLLM Remote Code Execution Vulnerability via Unsafe Deserialization in Mooncake Integration

A remote code execution vulnerability has been identified in vLLM, a high-throughput inference engine for large language models. This issue arises when vLLM is configured to use Mooncake, as it exposes unsafe deserialization over ZMQ/TCP on all network interfaces. Attackers can exploit this vulnerability to execute remote code on distributed hosts. The problem is rooted in the Mooncake Pipe, which, by design, allows public access to certain sockets over the network, facilitating the exploitation of deserialization vulnerabilities. This vulnerability affects vLLM versions 0.6.5 through 0.8.0.

Impact

Exploitation of this vulnerability allows for remote code execution on affected hosts.

Reproduction

To reproduce this vulnerability, deploy vLLM versions 0.6.5 through 0.8.0 with Mooncake integration enabled. The Mooncake Pipe will automatically expose a socket over ZMQ/TCP, accessible to arbitrary users. When an attacker sends a payload to this socket, the vLLM process will deserialize the data using Python's pickle module, executing any embedded code on the host.

Remediation

This vulnerability has been fixed in vLLM version 0.8.0.