Linuxfoundation Pytorch vulnerabilities

30 known vulnerabilities affecting linuxfoundation/pytorch.

Total CVEs: 30
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 8, MEDIUM 16, LOW 3

Vulnerabilities

Page 2 of 2
CVE-2025-2998 | MEDIUM | CVSS 4.8 | v2.6.0 | 2025-03-31
CVE-2025-2998 [MEDIUM] CWE-119: A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Source: nvd
CVE-2025-3000 | MEDIUM | CVSS 4.8 | v2.6.0 | 2025-03-31
CVE-2025-3000 [MEDIUM] CWE-119: A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Source: nvd
CVE-2025-2953 | MEDIUM | CVSS 4.8 | v2.6.0+cu124 | 2025-03-30
CVE-2025-2953 [MEDIUM] CWE-404: A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still
Source: nvd
CVE-2025-2149 | LOW | CVSS 2.0 | v2.6.0, v2.6.0+cu124 | 2025-03-10
CVE-2025-2149 [LOW] CWE-665: A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. The complexity of an attack is rather high. The exp
Source: nvd
CVE-2025-2148 | LOW | CVSS 2.3 | v2.6.0, v2.6.0+cu124 | 2025-03-10
CVE-2025-2148 [LOW] CWE-119: A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather hi
Source: nvd
CVE-2024-48063 | CRITICAL | CVSS 9.8 | ≤ 2.4.1 | 2024-10-29
CVE-2024-48063 [CRITICAL] CWE-502: In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
Source: nvd
CVE-2024-31584 | MEDIUM | CVSS 5.5 | fixed in 2.2.0 | 2024-04-19
CVE-2024-31584 [MEDIUM] CWE-125: Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
Sources: nvd, osv
CVE-2024-31583 | HIGH | CVSS 7.8 | fixed in 2.2.0 | 2024-04-17
CVE-2024-31583 [HIGH] CWE-416: Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
Sources: nvd, osv
CVE-2024-31580 | MEDIUM | CVSS 4.0 | fixed in 2.2.0 | 2024-04-17
CVE-2024-31580 [MEDIUM] CWE-122: PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Sources: nvd, osv
CVE-2022-45907 | CRITICAL | CVSS 9.8 | fixed in 1.13.1 | 2022-11-26
CVE-2022-45907 [CRITICAL] CWE-94: In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
Sources: nvd, osv