Default436352

**Name of the Vulnerable Software and Affected Versions** PyTorch version 2.6.0+cu124 **Description** A vulnerability was found in PyTorch, affecting the function `torch.cuda.nccl.reduce` of the file `torch/cuda/nccl.py`. This issue leads to denial of service and can be exploited on the local host. The exploit has been disclosed to the public and may be used. **Recommendations** To fix this issue, apply a patch identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. As a temporary workaround, consider disabling the `torch.cuda.nccl.reduce` function until a patch is available. Restrict access to the `torch/cuda/nccl.py` file to minimize the risk of exploitation. Avoid using the `torch.cuda.nccl.reduce` function in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PyTorch version 2.6.0 **Description** A problematic issue was found in the `torch.nn.functional.ctc loss` function, located in the file aten/src/ATen/native/LossCTC.cpp. This issue leads to denial of service and can be exploited locally. **Recommendations** For PyTorch version 2.6.0, apply the patch 46fc5d8e360127361211cb237d5f9eef0223e567 to fix this issue. As a temporary workaround, consider disabling the `torch.nn.functional.ctc loss` function until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** MindSpore version 2.5.0 **Description** A vulnerability was found in MindSpore, affecting the function `mindspore.numpy.fft.hfftn`. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. **Recommendations** For MindSpore version 2.5.0, as a temporary workaround, consider disabling the `mindspore.numpy.fft.hfftn` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PyTorch version 2.6.0 **Description** A problematic vulnerability has been found in PyTorch, affecting the function `torch.cuda.memory.caching allocator delete` of the file `c10/cuda/CUDACachingAllocator.cpp`. The manipulation leads to memory corruption. An attack must be approached locally. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `torch.cuda.memory.caching allocator delete` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PyTorch version 2.6.0 **Description** A problematic vulnerability has been found in PyTorch, affecting the function `torch.jit.jit module from flatbuffer`. This issue leads to memory corruption and requires local access to exploit. The exploit has been publicly disclosed. **Recommendations** For PyTorch version 2.6.0, as a temporary workaround, consider disabling the `torch.jit.jit module from flatbuffer` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PyTorch version 2.6.0 **Description** A critical issue was found in the `torch.lstm cell` function, leading to memory corruption. The attack requires local access. **Recommendations** For PyTorch version 2.6.0, as a temporary workaround, consider disabling the `torch.lstm cell` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PyTorch version 2.6.0 **Description** A critical issue has been identified, affecting the `torch.nn.utils.rnn.pad packed sequence` function, which can lead to memory corruption. This issue requires local access to exploit. **Recommendations** For PyTorch version 2.6.0, as a temporary workaround, consider disabling the `torch.nn.utils.rnn.pad packed sequence` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PyTorch version 2.6.0 **Description** A critical vulnerability was found in PyTorch, affecting the function `torch.nn.utils.rnn.unpack sequence`. The manipulation of this function leads to memory corruption. Local attacks are required to exploit this issue. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `torch.nn.utils.rnn.unpack sequence` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PyTorch version 2.6.0 **Description** An issue exists in the `torch.jit.script()` function that can lead to memory corruption. This flaw allows an attack to be launched on the local host. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the `torch.jit.script()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PyTorch version 2.6.0+cu124 **Description** A problematic issue has been found, affecting the function `torch.mkldnn max pool2d`, which can lead to denial of service. The manipulation requires a local approach. **Recommendations** For PyTorch version 2.6.0+cu124, as a temporary workaround, consider disabling the `torch.mkldnn max pool2d` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PyTorch version 2.6.0+cu124 **Description** A critical vulnerability was found in the function `torch.ops.profiler. call end callbacks on jit fut` of the component Tuple Handler. The manipulation of the argument `None` leads to memory corruption. The attack can be launched remotely, and the complexity of an attack is rather high. The exploitation appears to be difficult. **Recommendations** As a temporary workaround, consider disabling the `torch.ops.profiler. call end callbacks on jit fut` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PyTorch version 2.6.0+cu124 **Description** A problem was found in the Quantized Sigmoid Module, specifically in the `nnq Sigmoid` function. The issue arises from the manipulation of the `scale` and `zero point` arguments, leading to improper initialization. The attack requires local access and is considered difficult to exploit due to its high complexity. **Recommendations** For PyTorch version 2.6.0+cu124, as a temporary workaround, consider restricting the use of the `nnq Sigmoid` function in the Quantized Sigmoid Module until a patch is available. Avoid manipulating the `scale` and `zero point` arguments in the affected function to minimize the risk of exploitation.