CVE-2025-47277 (GCVE-0-2025-47277)
Vulnerability from cvelistv5 – Published: 2025-05-20 17:32 – Updated: 2025-05-20 17:52
CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://github.com/vllm-project/vllm/security/adv… | x_refsource_CONFIRM |
| https://github.com/vllm-project/vllm/pull/15988 | x_refsource_MISC |
| https://github.com/vllm-project/vllm/commit/0d6e1… | x_refsource_MISC |
| https://docs.vllm.ai/en/latest/deployment/security.html | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| vllm-project | vllm | Affected: >= 0.6.5, < 0.8.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T17:52:22.643444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T17:52:31.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vllm",
"vendor": "vllm-project",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.6.5, \u003c 0.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of the\u00a0`PyNcclPipe`\u00a0class to establish a peer-to-peer communication domain for data transmission between distributed nodes. The GPU-side KV-Cache transmission is implemented through the\u00a0`PyNcclCommunicator`\u00a0class, while CPU-side control message passing is handled via the\u00a0`send_obj`\u00a0and\u00a0`recv_obj`\u00a0methods on the CPU side.\u200b The intention was that this interface should only be exposed to a private network using the IP address specified by the `--kv-ip` CLI parameter. The vLLM documentation covers how this must be limited to a secured network. The default and intentional behavior from PyTorch is that the `TCPStore` interface listens on ALL interfaces, regardless of what IP address is provided. The IP address given was only used as a client-side address to use. vLLM was fixed to use a workaround to force the `TCPStore` instance to bind its socket to a specified private interface. As of version 0.8.5, vLLM limits the `TCPStore` socket to the private interface as configured."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T17:32:27.034Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv"
},
{
"name": "https://github.com/vllm-project/vllm/pull/15988",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vllm-project/vllm/pull/15988"
},
{
"name": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7"
},
{
"name": "https://docs.vllm.ai/en/latest/deployment/security.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.vllm.ai/en/latest/deployment/security.html"
}
],
"source": {
"advisory": "GHSA-hjq4-87xh-g4fv",
"discovery": "UNKNOWN"
},
"title": "vLLM Allows Remote Code Execution via PyNcclPipe Communication Service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47277",
"datePublished": "2025-05-20T17:32:27.034Z",
"dateReserved": "2025-05-05T16:53:10.373Z",
"dateUpdated": "2025-05-20T17:52:31.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-47277",
"date": "2026-06-04",
"epss": "0.00865",
"percentile": "0.75473"
}
}
}
RHSA-2025:15840
Vulnerability from csaf_redhat - Published: 2025-09-15 16:11 - Updated: 2025-12-18 23:32
A flaw was found in vLLM. This vulnerability allows unauthorized access to key-value caches via network exposure of the `TCPStore` interface when using the `PyNcclPipe` KV cache transfer integration with the V0 engine.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64 | — | | Vendor Fix (fix); Workaround |
A critical vulnerability was identified in the Pillow image processing library. This flaw could allow a local attacker to execute arbitrary code or cause the application to crash, resulting in a denial of service. An attacker can exploit this vulnerability by tricking an application into processing a specially crafted image file. The issue occurs because the library writes more data than an allocated memory buffer can hold, leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64 | — | | Vendor Fix (fix); Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 1.5 (AMD) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models (LLMs) for enterprise applications.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15840",
"url": "https://access.redhat.com/errata/RHSA-2025:15840"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48379",
"url": "https://access.redhat.com/security/cve/CVE-2025-48379"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-47277",
"url": "https://access.redhat.com/security/cve/cve-2025-47277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15840.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (AMD)",
"tracking": {
"current_release_date": "2025-12-18T23:32:26+00:00",
"generator": {
"date": "2025-12-18T23:32:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:15840",
"initial_release_date": "2025-09-15T16:11:16+00:00",
"revision_history": [
{
"date": "2025-09-15T16:11:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-18T18:18:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-18T23:32:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 1.5",
"product": {
"name": "Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64",
"product": {
"name": "registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64",
"product_id": "registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-azure-amd-rhel9@sha256%3A49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180?arch=amd64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.3-1756815221"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64"
},
"product_reference": "registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47277",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-05-20T18:00:58.703636+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM. This vulnerability allows unauthorized access to key-value caches via network exposure of the `TCPStore` interface when using the `PyNcclPipe` KV cache transfer integration with the V0 engine.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "By default, Red Hat products are configured to restrict vLLM nodes to an isolated network. However, this vulnerability could become relevant if customers change the specific configurations, and therefore, Red Hat products are affected.\n\nThis vulnerability is classified as Moderate rather than Critical because its exploitability and impact are constrained by specific deployment contexts and assumptions about network trust boundaries. While the use of pickle.loads on untrusted input typically leads to remote code execution (RCE), the vulnerable PyNcclPipe interface is not intended to be exposed to the internet or untrusted networks, it is designed for use within a secured, internal cluster environment as explicitly documented by vLLM. Successful exploitation requires an attacker to have direct network access to a misconfigured or poorly segmented system where the KV cache transfer service is bound to a public interface. Additionally, the vulnerable code path exists only in a niche configuration (V0 engine with PyNcclPipe), further reducing its exposure. Therefore, while the flaw does introduce RCE risk in misconfigured setups, the combination of non-default exposure, clear documentation, and limited applicability justifies a reduced impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47277"
},
{
"category": "external",
"summary": "RHBZ#2367605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367605"
},
{
"category": "external",
"summary": "RHSB-2025-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2025-001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47277"
},
{
"category": "external",
"summary": "https://docs.vllm.ai/en/latest/deployment/security.html",
"url": "https://docs.vllm.ai/en/latest/deployment/security.html"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7",
"url": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/15988",
"url": "https://github.com/vllm-project/vllm/pull/15988"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv"
}
],
"release_date": "2025-05-20T17:32:27.034000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:11:16+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:15840",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15840"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service"
},
{
"cve": "CVE-2025-48379",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-07-01T19:00:57.380377+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2375795"
}
],
"notes": [
{
"category": "description",
"text": "A critical vulnerability was identified in the Pillow image processing library. This flaw could allow a local attacker to execute arbitrary code or cause the application to crash, resulting in a denial of service. An attacker can exploit this vulnerability by tricking an application into processing a specially crafted image file. The issue occurs because the library writes more data than an allocated memory buffer can hold, leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: pillow: Pillow DDS Heap Buffer Overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was rated as Important by the Red Hat Product Security Engineer. An attacker may leverage that by crafting a malicious DDS image bigger than 64k (when encoded). This happens because of the lack of size checking when writing the image data into an internal buffer. When successfully exploited, this vulnerability may lead to a local arbitrary code execution within the user privileges similar to the ones for the user running the application or a denial of service for the application consuming the Pillow library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48379"
},
{
"category": "external",
"summary": "RHBZ#2375795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48379",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4",
"url": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9041",
"url": "https://github.com/python-pillow/Pillow/pull/9041"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0",
"url": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952"
}
],
"release_date": "2025-07-01T18:33:30.687000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:11:16+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:15840",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15840"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-amd-rhel9@sha256:49cfb622a1dc03438e4683661257d8e178d32bf508cbf649ba4637b9a4b79180_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: pillow: Pillow DDS Heap Buffer Overflow"
}
]
}
RHSA-2025:15841
Vulnerability from csaf_redhat - Published: 2025-09-15 16:11 - Updated: 2025-12-18 23:32
A flaw was found in vLLM. This vulnerability allows unauthorized access to key-value caches via network exposure of the `TCPStore` interface when using the `PyNcclPipe` KV cache transfer integration with the V0 engine.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64 | — | | Vendor Fix (fix); Workaround |
A critical vulnerability was identified in the Pillow image processing library. This flaw could allow a local attacker to execute arbitrary code or cause the application to crash, resulting in a denial of service. An attacker can exploit this vulnerability by tricking an application into processing a specially crafted image file. The issue occurs because the library writes more data than an allocated memory buffer can hold, leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64 | — | | Vendor Fix (fix); Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 1.5 (NVIDIA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models (LLMs) for enterprise applications.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15841",
"url": "https://access.redhat.com/errata/RHSA-2025:15841"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48379",
"url": "https://access.redhat.com/security/cve/CVE-2025-48379"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-47277",
"url": "https://access.redhat.com/security/cve/cve-2025-47277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15841.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (NVIDIA)",
"tracking": {
"current_release_date": "2025-12-18T23:32:26+00:00",
"generator": {
"date": "2025-12-18T23:32:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:15841",
"initial_release_date": "2025-09-15T16:11:26+00:00",
"revision_history": [
{
"date": "2025-09-15T16:11:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-17T22:18:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-18T23:32:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 1.5",
"product": {
"name": "Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64",
"product": {
"name": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64",
"product_id": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-nvidia-rhel9@sha256%3A539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376?arch=amd64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.3-1756799326"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64",
"product": {
"name": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64",
"product_id": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-nvidia-rhel9@sha256%3A4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c?arch=arm64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.3-1756799326"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64"
},
"product_reference": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64"
},
"product_reference": "registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47277",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-05-20T18:00:58.703636+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM. This vulnerability allows unauthorized access to key-value caches via network exposure of the `TCPStore` interface when using the `PyNcclPipe` KV cache transfer integration with the V0 engine.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "By default, Red Hat products are configured to restrict vLLM nodes to an isolated network. However, this vulnerability could become relevant if customers change the specific configurations, and therefore, Red Hat products are affected.\n\nThis vulnerability is classified as Moderate rather than Critical because its exploitability and impact are constrained by specific deployment contexts and assumptions about network trust boundaries. While the use of pickle.loads on untrusted input typically leads to remote code execution (RCE), the vulnerable PyNcclPipe interface is not intended to be exposed to the internet or untrusted networks, it is designed for use within a secured, internal cluster environment as explicitly documented by vLLM. Successful exploitation requires an attacker to have direct network access to a misconfigured or poorly segmented system where the KV cache transfer service is bound to a public interface. Additionally, the vulnerable code path exists only in a niche configuration (V0 engine with PyNcclPipe), further reducing its exposure. Therefore, while the flaw does introduce RCE risk in misconfigured setups, the combination of non-default exposure, clear documentation, and limited applicability justifies a reduced impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47277"
},
{
"category": "external",
"summary": "RHBZ#2367605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367605"
},
{
"category": "external",
"summary": "RHSB-2025-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2025-001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47277"
},
{
"category": "external",
"summary": "https://docs.vllm.ai/en/latest/deployment/security.html",
"url": "https://docs.vllm.ai/en/latest/deployment/security.html"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7",
"url": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/15988",
"url": "https://github.com/vllm-project/vllm/pull/15988"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv"
}
],
"release_date": "2025-05-20T17:32:27.034000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:11:26+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:15841",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15841"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service"
},
{
"cve": "CVE-2025-48379",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-07-01T19:00:57.380377+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2375795"
}
],
"notes": [
{
"category": "description",
"text": "A critical vulnerability was identified in the Pillow image processing library. This flaw could allow a local attacker to execute arbitrary code or cause the application to crash, resulting in a denial of service. An attacker can exploit this vulnerability by tricking an application into processing a specially crafted image file. The issue occurs because the library writes more data than an allocated memory buffer can hold, leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: pillow: Pillow DDS Heap Buffer Overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was rated as Important by the Red Hat Product Security Engineer. An attacker may leverage that by crafting a malicious DDS image bigger than 64k (when encoded). This happens because of the lack of size checking when writing the image data into an internal buffer. When successfully exploited, this vulnerability may lead to a local arbitrary code execution within the user privileges similar to the ones for the user running the application or a denial of service for the application consuming the Pillow library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48379"
},
{
"category": "external",
"summary": "RHBZ#2375795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48379",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4",
"url": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9041",
"url": "https://github.com/python-pillow/Pillow/pull/9041"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0",
"url": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952"
}
],
"release_date": "2025-07-01T18:33:30.687000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:11:26+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:15841",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:4a40fcdfb64b4cec6dfb0d0ee5c475fc89124ce80d911dd85f5951238b6c980c_arm64",
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-nvidia-rhel9@sha256:539b3bb9fc9330fe7237b7292ce8b112a38dd22bfff9f090e82a518f9b2f2376_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: pillow: Pillow DDS Heap Buffer Overflow"
}
]
}
RHSA-2025:15842
Vulnerability from csaf_redhat - Published: 2025-09-15 16:11 - Updated: 2025-12-18 23:32

A flaw was found in vLLM. This vulnerability allows unauthorized access to key-value caches via network exposure of the `TCPStore` interface when using the `PyNcclPipe` KV cache transfer integration with the V0 engine.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64 | — | | Vendor Fix, Workaround |

A critical vulnerability was identified in the Pillow image processing library. This flaw could allow a local attacker to execute arbitrary code or cause the application to crash, resulting in a denial of service. An attacker can exploit this vulnerability by tricking an application into processing a specially crafted image file. The issue occurs because the library writes more data than an allocated memory buffer can hold, leading to memory corruption.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64 | — | | Vendor Fix, Workaround |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 1.5 (NVIDIA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models (LLMs) for enterprise applications.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15842",
"url": "https://access.redhat.com/errata/RHSA-2025:15842"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48379",
"url": "https://access.redhat.com/security/cve/CVE-2025-48379"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-47277",
"url": "https://access.redhat.com/security/cve/cve-2025-47277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15842.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (NVIDIA)",
"tracking": {
"current_release_date": "2025-12-18T23:32:28+00:00",
"generator": {
"date": "2025-12-18T23:32:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:15842",
"initial_release_date": "2025-09-15T16:11:25+00:00",
"revision_history": [
{
"date": "2025-09-15T16:11:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-17T22:18:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-18T23:32:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 1.5",
"product": {
"name": "Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64",
"product": {
"name": "registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64",
"product_id": "registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-azure-nvidia-rhel9@sha256%3A0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2?arch=amd64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.3-1756815370"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64"
},
"product_reference": "registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47277",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-05-20T18:00:58.703636+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM. This vulnerability allows unauthorized access to key-value caches via network exposure of the `TCPStore` interface when using the `PyNcclPipe` KV cache transfer integration with the V0 engine.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "By default, Red Hat products are configured to restrict vLLM nodes to an isolated network. However, this vulnerability could become relevant if customers change the specific configurations, and therefore, Red Hat products are affected.\n\nThis vulnerability is classified as Moderate rather than Critical because its exploitability and impact are constrained by specific deployment contexts and assumptions about network trust boundaries. While the use of pickle.loads on untrusted input typically leads to remote code execution (RCE), the vulnerable PyNcclPipe interface is not intended to be exposed to the internet or untrusted networks, it is designed for use within a secured, internal cluster environment as explicitly documented by vLLM. Successful exploitation requires an attacker to have direct network access to a misconfigured or poorly segmented system where the KV cache transfer service is bound to a public interface. Additionally, the vulnerable code path exists only in a niche configuration (V0 engine with PyNcclPipe), further reducing its exposure. Therefore, while the flaw does introduce RCE risk in misconfigured setups, the combination of non-default exposure, clear documentation, and limited applicability justifies a reduced impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47277"
},
{
"category": "external",
"summary": "RHBZ#2367605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367605"
},
{
"category": "external",
"summary": "RHSB-2025-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2025-001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47277"
},
{
"category": "external",
"summary": "https://docs.vllm.ai/en/latest/deployment/security.html",
"url": "https://docs.vllm.ai/en/latest/deployment/security.html"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7",
"url": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/15988",
"url": "https://github.com/vllm-project/vllm/pull/15988"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv"
}
],
"release_date": "2025-05-20T17:32:27.034000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:11:25+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:15842",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15842"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service"
},
{
"cve": "CVE-2025-48379",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-07-01T19:00:57.380377+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2375795"
}
],
"notes": [
{
"category": "description",
"text": "A critical vulnerability was identified in the Pillow image processing library. This flaw could allow a local attacker to execute arbitrary code or cause the application to crash, resulting in a denial of service. An attacker can exploit this vulnerability by tricking an application into processing a specially crafted image file. The issue occurs because the library writes more data than an allocated memory buffer can hold, leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: pillow: Pillow DDS Heap Buffer Overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was rated as Important by the Red Hat Product Security Engineer. An attacker may leverage that by crafting a malicious DDS image bigger than 64k (when encoded). This happens because of the lack of size checking when writing the image data into an internal buffer. When successfully exploited, this vulnerability may lead to a local arbitrary code execution within the user privileges similar to the ones for the user running the application or a denial of service for the application consuming the Pillow library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48379"
},
{
"category": "external",
"summary": "RHBZ#2375795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48379",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4",
"url": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9041",
"url": "https://github.com/python-pillow/Pillow/pull/9041"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0",
"url": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952"
}
],
"release_date": "2025-07-01T18:33:30.687000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:11:25+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:15842",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-azure-nvidia-rhel9@sha256:0981388b134c612dde4275c1f9570d5cb684117ede06e12edbc021eb8e1529d2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: pillow: Pillow DDS Heap Buffer Overflow"
}
]
}
RHSA-2025:15843
Vulnerability from csaf_redhat - Published: 2025-09-15 16:14 - Updated: 2025-12-18 23:32
A flaw was found in vLLM. This vulnerability allows unauthorized access to key-value caches via network exposure of the `TCPStore` interface when using the `PyNcclPipe` KV cache transfer integration with the V0 engine.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64 | — | | Vendor Fix: fix; Workaround |
A critical vulnerability was identified in the Pillow image processing library. This flaw could allow a local attacker to execute arbitrary code or cause the application to crash, resulting in a denial of service. An attacker can exploit this vulnerability by tricking an application into processing a specially crafted image file. The issue occurs because the library writes more data than an allocated memory buffer can hold, leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64 | — | | Vendor Fix: fix; Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 1.5 (AMD) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models (LLMs) for enterprise applications. This container provides NVIDIA hardware enablement and the InstructLab application stack.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15843",
"url": "https://access.redhat.com/errata/RHSA-2025:15843"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48379",
"url": "https://access.redhat.com/security/cve/CVE-2025-48379"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-47277",
"url": "https://access.redhat.com/security/cve/cve-2025-47277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15843.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (AMD)",
"tracking": {
"current_release_date": "2025-12-18T23:32:33+00:00",
"generator": {
"date": "2025-12-18T23:32:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:15843",
"initial_release_date": "2025-09-15T16:14:09+00:00",
"revision_history": [
{
"date": "2025-09-15T16:14:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-17T22:18:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-18T23:32:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 1.5",
"product": {
"name": "Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64",
"product": {
"name": "registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64",
"product_id": "registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64",
"product_identification_helper": {
"purl": "pkg:oci/instructlab-amd-rhel9@sha256%3Af34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324?arch=amd64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.3-1756791391"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64"
},
"product_reference": "registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47277",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-05-20T18:00:58.703636+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM. This vulnerability allows unauthorized access to key-value caches via network exposure of the `TCPStore` interface when using the `PyNcclPipe` KV cache transfer integration with the V0 engine.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "By default, Red Hat products are configured to restrict vLLM nodes to an isolated network. However, this vulnerability could become relevant if customers change the specific configurations, and therefore, Red Hat products are affected.\n\nThis vulnerability is classified as Moderate rather than Critical because its exploitability and impact are constrained by specific deployment contexts and assumptions about network trust boundaries. While the use of pickle.loads on untrusted input typically leads to remote code execution (RCE), the vulnerable PyNcclPipe interface is not intended to be exposed to the internet or untrusted networks, it is designed for use within a secured, internal cluster environment as explicitly documented by vLLM. Successful exploitation requires an attacker to have direct network access to a misconfigured or poorly segmented system where the KV cache transfer service is bound to a public interface. Additionally, the vulnerable code path exists only in a niche configuration (V0 engine with PyNcclPipe), further reducing its exposure. Therefore, while the flaw does introduce RCE risk in misconfigured setups, the combination of non-default exposure, clear documentation, and limited applicability justifies a reduced impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47277"
},
{
"category": "external",
"summary": "RHBZ#2367605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367605"
},
{
"category": "external",
"summary": "RHSB-2025-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2025-001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47277"
},
{
"category": "external",
"summary": "https://docs.vllm.ai/en/latest/deployment/security.html",
"url": "https://docs.vllm.ai/en/latest/deployment/security.html"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7",
"url": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/15988",
"url": "https://github.com/vllm-project/vllm/pull/15988"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv"
}
],
"release_date": "2025-05-20T17:32:27.034000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:14:09+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:15843",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15843"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service"
},
{
"cve": "CVE-2025-48379",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-07-01T19:00:57.380377+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2375795"
}
],
"notes": [
{
"category": "description",
"text": "A critical vulnerability was identified in the Pillow image processing library. This flaw could allow a local attacker to execute arbitrary code or cause the application to crash, resulting in a denial of service. An attacker can exploit this vulnerability by tricking an application into processing a specially crafted image file. The issue occurs because the library writes more data than an allocated memory buffer can hold, leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: pillow: Pillow DDS Heap Buffer Overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was rated as Important by the Red Hat Product Security Engineer. An attacker may leverage that by crafting a malicious DDS image bigger than 64k (when encoded). This happens because of the lack of size checking when writing the image data into an internal buffer. When successfully exploited, this vulnerability may lead to a local arbitrary code execution within the user privileges similar to the ones for the user running the application or a denial of service for the application consuming the Pillow library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48379"
},
{
"category": "external",
"summary": "RHBZ#2375795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48379",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4",
"url": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9041",
"url": "https://github.com/python-pillow/Pillow/pull/9041"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0",
"url": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952"
}
],
"release_date": "2025-07-01T18:33:30.687000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:14:09+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:15843",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15843"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-amd-rhel9@sha256:f34417c39c2f3b78f306d4249e892a9edf61f2a88bb18a3484c1df9716bdd324_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: pillow: Pillow DDS Heap Buffer Overflow"
}
]
}
RHSA-2025:15867
Vulnerability from csaf_redhat - Published: 2025-09-15 17:51 - Updated: 2025-12-18 23:32
A flaw was found in vLLM. This vulnerability allows unauthorized access to key-value caches via network exposure of the `TCPStore` interface when using the `PyNcclPipe` KV cache transfer integration with the V0 engine.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64 | — | | Vendor Fix: fix; Workaround |
A critical vulnerability was identified in the Pillow image processing library. This flaw could allow a local attacker to execute arbitrary code or cause the application to crash, resulting in a denial of service. An attacker can exploit this vulnerability by tricking an application into processing a specially crafted image file. The issue occurs because the library writes more data than an allocated memory buffer can hold, leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64 | — | | Vendor Fix: fix; Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 1.5 (Intel Gaudi) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models (LLMs) for enterprise applications. This container provides NVIDIA hardware enablement and the InstructLab application stack.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15867",
"url": "https://access.redhat.com/errata/RHSA-2025:15867"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48379",
"url": "https://access.redhat.com/security/cve/CVE-2025-48379"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-47277",
"url": "https://access.redhat.com/security/cve/cve-2025-47277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15867.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (Intel Gaudi)",
"tracking": {
"current_release_date": "2025-12-18T23:32:30+00:00",
"generator": {
"date": "2025-12-18T23:32:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:15867",
"initial_release_date": "2025-09-15T17:51:02+00:00",
"revision_history": [
{
"date": "2025-09-15T17:51:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-17T22:18:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-18T23:32:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 1.5",
"product": {
"name": "Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64",
"product": {
"name": "registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64",
"product_id": "registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/instructlab-intel-rhel9@sha256%3A2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c?arch=amd64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.3-1757955810"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64"
},
"product_reference": "registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47277",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-05-20T18:00:58.703636+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM. This vulnerability allows unauthorized access to key-value caches via network exposure of the `TCPStore` interface when using the `PyNcclPipe` KV cache transfer integration with the V0 engine.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "By default, Red Hat products are configured to restrict vLLM nodes to an isolated network. However, this vulnerability could become relevant if customers change the specific configurations, and therefore, Red Hat products are affected.\n\nThis vulnerability is classified as Moderate rather than Critical because its exploitability and impact are constrained by specific deployment contexts and assumptions about network trust boundaries. While the use of pickle.loads on untrusted input typically leads to remote code execution (RCE), the vulnerable PyNcclPipe interface is not intended to be exposed to the internet or untrusted networks, it is designed for use within a secured, internal cluster environment as explicitly documented by vLLM. Successful exploitation requires an attacker to have direct network access to a misconfigured or poorly segmented system where the KV cache transfer service is bound to a public interface. Additionally, the vulnerable code path exists only in a niche configuration (V0 engine with PyNcclPipe), further reducing its exposure. Therefore, while the flaw does introduce RCE risk in misconfigured setups, the combination of non-default exposure, clear documentation, and limited applicability justifies a reduced impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47277"
},
{
"category": "external",
"summary": "RHBZ#2367605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367605"
},
{
"category": "external",
"summary": "RHSB-2025-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2025-001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47277"
},
{
"category": "external",
"summary": "https://docs.vllm.ai/en/latest/deployment/security.html",
"url": "https://docs.vllm.ai/en/latest/deployment/security.html"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7",
"url": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/15988",
"url": "https://github.com/vllm-project/vllm/pull/15988"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv"
}
],
"release_date": "2025-05-20T17:32:27.034000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T17:51:02+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:15867",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15867"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service"
},
{
"cve": "CVE-2025-48379",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-07-01T19:00:57.380377+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2375795"
}
],
"notes": [
{
"category": "description",
"text": "A critical vulnerability was identified in the Pillow image processing library. This flaw could allow a local attacker to execute arbitrary code or cause the application to crash, resulting in a denial of service. An attacker can exploit this vulnerability by tricking an application into processing a specially crafted image file. The issue occurs because the library writes more data than an allocated memory buffer can hold, leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: pillow: Pillow DDS Heap Buffer Overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was rated as Important by the Red Hat Product Security Engineer. An attacker may leverage that by crafting a malicious DDS image bigger than 64k (when encoded). This happens because of the lack of size checking when writing the image data into an internal buffer. When successfully exploited, this vulnerability may lead to a local arbitrary code execution within the user privileges similar to the ones for the user running the application or a denial of service for the application consuming the Pillow library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48379"
},
{
"category": "external",
"summary": "RHBZ#2375795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48379",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4",
"url": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9041",
"url": "https://github.com/python-pillow/Pillow/pull/9041"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0",
"url": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952"
}
],
"release_date": "2025-07-01T18:33:30.687000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T17:51:02+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:15867",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15867"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/instructlab-intel-rhel9@sha256:2ec7df6d207c24989660f42e656340581fa488fed399ec343cda5b288f3f1f7c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: pillow: Pillow DDS Heap Buffer Overflow"
}
]
}
WID-SEC-W-2025-2883
Vulnerability from csaf_certbund - Published: 2025-12-18 23:00 - Updated: 2025-12-18 23:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Enterprise Linux AI Inference Server (ROCm) <3.0 (Red Hat / Enterprise Linux) | | AI Inference Server (ROCm) <3.0 | |
| Red Hat Enterprise Linux AI Inference Server (CUDA) <3.0 (Red Hat / Enterprise Linux) | | AI Inference Server (CUDA) <3.0 | |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer aus einem angrenzenden Netzwerk kann eine Schwachstelle in Red Hat Enterprise AI Inference Server ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2883 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2883.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2883 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2883"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2025-12-18",
"url": "https://access.redhat.com/errata/RHSA-2025:10404"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2025-12-18",
"url": "https://access.redhat.com/errata/RHSA-2025:10403"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise AI Inference Server (vLLM): Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2025-12-18T23:00:00.000+00:00",
"generator": {
"date": "2025-12-19T11:20:00.838+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2883",
"initial_release_date": "2025-12-18T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-12-18T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "AI Inference Server (CUDA) \u003c3.0",
"product": {
"name": "Red Hat Enterprise Linux AI Inference Server (CUDA) \u003c3.0",
"product_id": "T049556"
}
},
{
"category": "product_version",
"name": "AI Inference Server (CUDA) 3.0",
"product": {
"name": "Red Hat Enterprise Linux AI Inference Server (CUDA) 3.0",
"product_id": "T049556-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:ai_inference_server_%2528cuda%2529__3.0"
}
}
},
{
"category": "product_version_range",
"name": "AI Inference Server (ROCm) \u003c3.0",
"product": {
"name": "Red Hat Enterprise Linux AI Inference Server (ROCm) \u003c3.0",
"product_id": "T049557"
}
},
{
"category": "product_version",
"name": "AI Inference Server (ROCm) 3.0",
"product": {
"name": "Red Hat Enterprise Linux AI Inference Server (ROCm) 3.0",
"product_id": "T049557-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:ai_inference_server_%2528rocm%2529__3.0"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47277",
"product_status": {
"known_affected": [
"T049557",
"T049556"
]
},
"release_date": "2025-12-18T23:00:00.000+00:00",
"title": "CVE-2025-47277"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.