From 4ed318a31a6e9fe31fe2c418507de6536003951a Mon Sep 17 00:00:00 2001
From: changtao
Date: Tue, 8 Apr 2025 00:59:50 +0800
Subject: [PATCH] fix CVE-2025-29783
---
 backport-CVE-2025-29783.patch | 52 +++++++++++++++++++++++++++++++++++
 vllm.spec | 9 +++++-
 2 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-29783.patch
diff --git a/backport-CVE-2025-29783.patch b/backport-CVE-2025-29783.patch
new file mode 100644
index 0000000..542970f
--- /dev/null
+++ b/backport-CVE-2025-29783.patch
@@ -0,0 +1,52 @@
+From 288ca110f68d23909728627d3100e5a8db820aa2 Mon Sep 17 00:00:00 2001
+From: Kuntai Du
+Date: Tue, 4 Mar 2025 15:10:32 -0600
+Subject: [PATCH] [Security] Serialize using safetensors instead of pickle in
+ Mooncake Pipe (#14228)
+
+Signed-off-by: KuntaiDu
+---
+ .../distributed/kv_transfer/kv_pipe/mooncake_pipe.py | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py b/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py
+index 8e43586..69049ec 100644
+--- a/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py
++++ b/vllm/distributed/kv_transfer/kv_pipe/mooncake_pipe.py
+@@ -1,12 +1,13 @@
+ import json
+ import os
+-import pickle
+ from concurrent.futures import ThreadPoolExecutor
+ from dataclasses import dataclass
+ from typing import Optional, Union
+
+ import torch
+ import zmq
++from safetensors.torch import load as safetensors_load
++from safetensors.torch import save as safetensors_save
+
+ from vllm.config import KVTransferConfig
+ from vllm.distributed.kv_transfer.kv_pipe.base import KVPipeBase
+@@ -235,14 +236,13 @@ class MooncakePipe(KVPipeBase):
+ return hash(tensor.data_ptr())
+
+ def _send_impl(self, tensor: torch.Tensor) -> None:
+- """Implement the tensor sending logic."""
+- value_bytes = pickle.dumps(tensor)
+- self.transfer_engine.send_bytes(value_bytes)
++ """Implement the tensor sending logic using safetensors."""
++ self.transfer_engine.send_bytes(safetensors_save({"tensor": tensor}))
+
+ def _recv_impl(self) -> torch.Tensor:
+- """Implement the tensor receiving logic."""
++ """Implement the tensor receiving logic using safetensors."""
+ data = self.transfer_engine.recv_bytes()
+- return pickle.loads(data)
++ return safetensors_load(data)["tensor"].to(self.device)
+
+ def send_tensor(self, tensor: Optional[torch.Tensor]) -> None:
+ """Send tensor to the target process."""
+--
+2.46.0
+
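Review bot: `_send_impl` now hands the tensor straight to `safetensors_save`, which in the safetensors versions I am aware of raises `ValueError` for a non-contiguous tensor, whereas the removed `pickle.dumps` accepted any view; if a caller ever passes a sliced KV-cache view, the send path regresses from working to raising. Writing it as `self.transfer_engine.send_bytes(safetensors_save({"tensor": tensor.contiguous()}))` keeps the safe serializer while preserving the old acceptance of views. The fixed wire key `"tensor"` and the `.to(self.device)` move in `_recv_impl` are left implicit; I would extend `_recv_impl`'s docstring to state that the bytes arrive from the remote peer and are parsed with safetensors precisely because loading it executes no code, so a pickle-based loader must not be reintroduced on this path. The enclosing class `MooncakePipe` begins outside the hunk.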
diff --git a/vllm.spec b/vllm.spec
index 161b082..ace794b 100644
--- a/vllm.spec
+++ b/vllm.spec
@@ -3,13 +3,14 @@ Name: vllm
 Version: 0.6.6.post1
-Release: 3
+Release: 4
 Summary: Powerful engine for LLMs
 License: (Apache-2.0 AND BSD-3-Clause) OR BSD-3-CLause
 URL: https://github.com/vllm-project/vllm
 Source0: https://gitee.com/src-openeuler/vllm/raw/master/vllm-%{version}.tar.gz
 Patch0001: backport-CVE-2025-24357.patch
+Patch0002: backport-CVE-2025-29783.patch
 BuildArch: noarch
@@ -64,6 +65,12 @@ mv %{buildroot}/filelist.lst .
 %files -n python3-%{_name} -f filelist.lst
 %changelog
+* Tue Apr 8 2025 changtao - 0.6.6.post1-4
+- Type:CVE
+- CVE:CVE-2025-29783
+- SUG:NA
+- DESC:fix CVE-2025-29783
+
 * Fri Mar 28 2025 changtao - 0.6.6.post1-3
 - Type:CVE
 - CVE:CVE-2025-24357
-- Gitee
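Review bot: The backported patch adds `from safetensors.torch import ...` to mooncake_pipe.py, but this hunk adds only `Patch0002: backport-CVE-2025-29783.patch` and no matching `Requires: python3-safetensors`; if the package's existing dependency list does not already pull safetensors in (it is not visible in this hunk), the patched module will fail at import time on a system built from this spec. If the existing Requires do cover it, a short comment beside `Patch0002` noting that the backport depends on the safetensors runtime dependency would spare the next packager the check.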