CVE-2025-2953

Medium CVSS: 4.8

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.

Vendor

Linuxfoundation

Product

Pytorch

CWE

CWE-404

Yayın Tarihi

2025-03-30 16:15:14

Güncelleme

2025-04-22 12:15:16

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-404 Pytorch MEDIUM Linuxfoundation 2025

Referanslar

https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models https://github.com/pytorch/pytorch/issues/149274 https://github.com/pytorch/pytorch/issues/149274#issue-2923122269 https://vuldb.com/?ctiid.302006 https://vuldb.com/?id.302006 https://vuldb.com/?submit.521279 https://github.com/pytorch/pytorch/issues/149274

Benzer Kayıtlar

Critical

CVE-2026-33701

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. I…

Medium

CVE-2026-33015

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop…

High

CVE-2026-33009

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memo…

Medium

CVE-2026-33014

EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorizat…

Medium

CVE-2026-27815

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup cop…

Medium

CVE-2026-27816

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_update_energy_tra…