CVE-2026-53923: vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving

June 17, 2026

Integer truncation of tensor dimensions in vLLM’s GGUF dequantize kernels (csrc/quantization/gguf/gguf_kernel.cu) causes partial tensor processing. The output tensor is allocated at full size via torch::empty (uninitialized memory), but the dequantize CUDA kernel processes only a truncated number of elements. The unfilled portion of the output tensor retains whatever was previously in GPU memory. In multi-tenant inference deployments, this residual GPU memory may contain tensor data from other users’ inference requests, constituting information disclosure.

References

github.com/advisories/GHSA-5jv2-g5wq-cmr4
github.com/vllm-project/vllm/commit/f219788f91952827132fa4fdf916427cd20d225e
github.com/vllm-project/vllm/pull/44971
github.com/vllm-project/vllm/security/advisories/GHSA-5jv2-g5wq-cmr4
nvd.nist.gov/vuln/detail/CVE-2026-53923

Code Behaviors & Features

Detect and mitigate CVE-2026-53923 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →