PT-2024-32976 · Facebook+1 · Pytorch+1
Aftersnow
+2
·
Published
2024-10-29
·
Updated
2025-07-16
·
CVE-2024-48063
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PyTorch versions prior to 2.4.1
Description
The issue concerns the RemoteModule in PyTorch, which is reported to have Deserialization RCE. However, it is noted that this behavior is intended in PyTorch distributed computing and is disputed by multiple parties.
Recommendations
For versions prior to 2.4.1, consider restricting the use of the RemoteModule to minimize the risk of exploitation until a clearer resolution or guidance is provided.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Pytorch