Lucene search
K

5 matches found

CVE
CVE
added 2026/06/22 9:59 p.m.24 views

CVE-2026-54235

Summary: CVE-2026-54235 affects vLLM prior to 0.23.1rc0, where temperature validation gates using can silently mis-handle NaN and positive Infinity due to Python IEEE 754 behavior. This allows non-finite temperatures to bypass guards and propagate to GPU sampling kernels, causing undefined behav...

6.9CVSS5.9AI score0.00261EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/22 9:59 p.m.23 views

CVE-2026-54235 vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, ll temperature validation gates use comparison operators , which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagat...

6.9CVSS0.00261EPSS
Exploits1References3
OSV
OSV
added 2026/06/22 9:59 p.m.2 views

CVE-2026-54235 vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.23.1rc0, ll temperature validation gates use comparison operators , which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagat...

6.9CVSS5.9AI score0.00261EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50490

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.23.1rc0 Description Temperature validation gates use comparison operators that silently evaluate to False when encountering NaN Not a Number or positive Infinity due to Python's IEEE 754 float semantics. These values...

6.9CVSS5.9AI score0.00261EPSS
Exploits1References7
OSV
OSV
added 2024/03/06 11:12 a.m.22 views

BIT-TENSORFLOW-2022-35999 `CHECK` fail in `Conv2DBackpropInput` in TensorFlow

TensorFlow is an open source platform for machine learning. When Conv2DBackpropInput receives empty outbackprop inputs e.g. 3, 1, 0, 1, the current CPU/GPU kernels CHECK fail one with dnnl, the other with cudnn. This can be used to trigger a denial of service attack. We have patched the issue in...

7.5CVSS6.3AI score0.00396EPSS
Exploits0References3
Rows per page
Query Builder