Msrc Azl3 Pytorch 2.2.2-7 On Azure Linux 3.0 vulnerabilities

CVE-2025-55558 [HIGH] CWE-400 A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS). FAQ: Is Azure Linux the only Microsoft prod

CVE-2025-55560 [HIGH] CWE-400 An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potent

CVE-2025-55551 [HIGH] An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our cust

CVE-2025-55553 [HIGH] CWE-248 A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro i

CVE-2025-55557 [HIGH] CWE-248 A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main bene

CVE-2025-46150 [MEDIUM] In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with th

CVE-2025-46152 [MEDIUM] CWE-787 In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use th

CVE-2025-46153 [MEDIUM] CWE-1176 PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True. FAQ: Is Azure Linux t

CVE-2025-46149 [MEDIUM] CWE-617 In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure

CVE-2025-55554 [MEDIUM] CWE-190 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it

CVE-2025-55552 [HIGH] CWE-190 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to

CVE-2025-46148 [MEDIUM] In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results. In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with th

CVE-2025-51480 [HIGH] CWE-22 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing t Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions. FAQ: I

CVE-2025-4565 [HIGH] CWE-674 Unbounded recursion in Python Protobuf Unbounded recursion in Python Protobuf FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2025-4287 [MEDIUM] CWE-404 PyTorch nccl.py torch.cuda.nccl.reduce denial of service PyTorch nccl.py torch.cuda.nccl.reduce denial of service FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whic

CVE-2025-32434 [CRITICAL] CWE-502 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution PyTorch: `torch.load` with `weights_only=True` leads to remote code execution FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure ve

CVE-2025-3730 [MEDIUM] CWE-404 PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2025-2998 [MEDIUM] CWE-119 PyTorch torch.nn.utils.rnn.pad_packed_sequence memory corruption PyTorch torch.nn.utils.rnn.pad_packed_sequence memory corruption Mariner: Mariner VulDB: VulDB Customer Action Required: Yes

CVE-2025-2953 [MEDIUM] CWE-404 PyTorch torch.mkldnn_max_pool2d denial of service PyTorch torch.mkldnn_max_pool2d denial of service FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro i

CVE-2024-5187 [HIGH] CWE-22 Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx Arbitrary File Overwrite in download_model_with_test_data in onnx/onnx FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s