CVE-2025-2953

Sažetak

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.

Reference

https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models
https://github.com/pytorch/pytorch/issues/149274
https://github.com/pytorch/pytorch/issues/149274#issue-2923122269
https://vuldb.com/?ctiid.302006
https://vuldb.com/?id.302006
https://vuldb.com/?submit.521279
https://github.com/pytorch/pytorch/issues/149274

CVSS

Base:	1.7
Impact:	2.9
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:N/I:N/A:P

Zadnje važnije ažuriranje

22-04-2025 - 12:15

Objavljeno

30-03-2025 - 16:15