aibrix
aibrix copied to clipboard
vllm-project
xxhash64 Collision Risks and Fixes in aibrix Clusters
Summary
Maliciously crafted prompts may cause hash collisions, leading to prefix cache reuse, which could interfere with subsequent responses and result in unintended behavior.
Details
aibrix's prefix caching mechanism relies on the xxhash64 hash algorithm. Since xxhash64 uses a fixed seed value (e.g., seed=0) in its default configuration, its hash outputs are predictable. Attackers could exploit this determinism to craft specific inputs that generate hash collisions.
Use Case
Impact
If aibrix's hash generation logic lacks randomization (e.g., no dynamic seeds or salting), attackers could leverage xxhash64's predictable nature to inject malicious inputs that collide with target prompts, causing cache pollution and subsequent response errors.
Proposed Solution
Fix Recommendation
In a cluster environment, this issue should be addressed by implementing statistically unique and cryptographically secure xxhash seed values.(not Like vllm https://github.com/advisories/GHSA-rm76-4mrf-v9r8 )This approach would:
Prevent attackers from predicting or forcing collisions. Enable global cache sharing across the cluster while maintaining security.
