Linuxfoundation: >> Pytorch Security Vulnerabilities
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.
CVSS Score
3.3
EPSS Score
0.001
Published
2025-03-30
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
CVSS Score
9.8
EPSS Score
0.152
Published
2024-10-29
Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-04-19
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
4.0
EPSS Score
0.0
Published
2024-04-17
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-04-17
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-11-26
Page 3