CVE-2025-2953: Improper Resource Shutdown or Release in PyTorch

Severity: 4.8 MEDIUM (NVD)
EPSS: 0.2% (top 64.26%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 30

Description

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. The affected code is the function torch.mkldnn_max_pool2d. Manipulation of its inputs leads to a denial of service. The attack has to be carried out locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The project's security policy warns against using unknown models, which might have malicious effects.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages: 12 packages

Vulnerability Details (3)

GHSA: PyTorch susceptible to local Denial of Service (2025-03-30)
OSV: CVE-2025-2953: A vulnerability, which was classified as problematic, has been found in PyTorch 2 (2025-03-30)
OSV: PyTorch susceptible to local Denial of Service (2025-03-30)

Vendor Advisories (5)

Red Hat: torch: PyTorch torch.mkldnn_max_pool2d denial of service (2025-03-30)
Microsoft: PyTorch torch.mkldnn_max_pool2d denial of service (2025-03-11)
Debian: CVE-2025-2953: pytorch - A vulnerability, which was classified as problematic, has been found in PyTorch ... (2025)
Microsoft: A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. (2023-05-09)
Microsoft: LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sou (2022-08-09)