CVE-2025-4287 — Improper Resource Shutdown or Release in Pytorch

CWE-404 — Improper Resource Shutdown or Release5 documents5 sources

Severity

4.8MEDIUMNVD

EPSS

0.1%

top 77.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Pytorch Msrc Azl3 Pytorch 2.2.2-7 ON Azure Linux 3.0 Msrc Cbl2 Pytorch 2.0.0-9 ON CBL Mariner 2.0

Timeline

PublishedMay 5

Latest updateMay 13

Description

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶debiandebian/pytorch

▶msrcmsrc/azl3_pytorch_2.2.2-7_on_azure_linux_3.0

▶msrcmsrc/cbl2_pytorch_2.0.0-9_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

CVE-2025-4287: A vulnerability was found in PyTorch 2↗2025-05-05

▶

GHSA

GHSA-vw34-v45x-2c97: A vulnerability was found in PyTorch 2↗2025-05-05

▶

📋Vendor Advisories

Microsoft

PyTorch nccl.py torch.cuda.nccl.reduce denial of service↗2025-05-13

▶

Debian

CVE-2025-4287: pytorch - A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problemat...↗2025

▶