CVE-2025-2148: Improper Restriction of Operations within the Bounds of a Memory Buffer in PyTorch

Severity: 2.3 LOW (NVD)
EPSS: 0.1% (top 75.67%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 10

Description

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages: 3 packages

CVEListV5: linuxfoundation/pytorch 2.6.0+cu124

🔴 Vulnerability Details (2)

OSV: CVE-2025-2148: A vulnerability was found in PyTorch 2... (2025-03-10)
GHSA: GHSA-c678-jfcj-6jmf: A vulnerability was found in PyTorch 2... (2025-03-10)

📋 Vendor Advisories (1)

Debian: CVE-2025-2148: pytorch - A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critic... (2025)