CVE-2025-65891

High CVSS: 7.5

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index.

Vendor

Oneflow

Product

Oneflow

CWE

CWE-400

Yayın Tarihi

2026-01-28 18:16:50

Güncelleme

2026-02-03 17:55:22

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-400 Oneflow HIGH Oneflow 2026

Referanslar

http://oneflow.com https://github.com/Daisy2ang https://github.com/Oneflow-Inc/oneflow https://github.com/Oneflow-Inc/oneflow/issues/10661

Benzer Kayıtlar

Medium

CVE-2025-71011

An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of O…

Medium

CVE-2025-71008

A segmentation violation in the oneflow._oneflow_internal.autograd.Function.FunctionCtx.mark_non_differentiable componen…

Medium

CVE-2025-71009

An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to c…

High

CVE-2025-71007

An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attackers to cause a Denia…

High

CVE-2025-71003

An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of…

Medium

CVE-2025-71004

A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to cause a Denial of Ser…