CVE-2024-9053

CVE-2024-9053 is a critical vulnerability in the vllm-project's vllm version 0.6.0, specifically affecting the AsyncEngineRPCServer RPC server entrypoints. The core issue lies in the run_server_loop function, which calls _make_handler_coro that directly invokes cloudpickle.loads on received messages without any sanitization. This unsafe deserialization of untrusted pickle data enables remote code execution. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-502 (Deserialization of Untrusted Data) and CWE-78 (Improper Neutralization of Special Elements used in an OS Command).

Any remote attacker with network access to the vulnerable RPC server can exploit this flaw without authentication, privileges, or user interaction. By crafting and transmitting malicious pickle data, the attacker triggers arbitrary code execution on the server, granting high-impact control over confidentiality, integrity, and availability of the affected system.

Mitigation guidance and additional details are available in the Huntr advisory at https://huntr.com/bounties/75a544f3-34a3-4da0-b5a3-1495cb031e09.

vLLM serves as a high-throughput inference engine for large language models, highlighting the vulnerability's relevance to AI/ML serving environments where RPC endpoints may be exposed.