PT-2025-10577 · Pytorch+1
Published 2025-02-25 · Updated 2026-02-26 · CVE-2025-2149
CVSS v4.0: 2.0 (Low)
| Vector | AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
PyTorch version 2.6.0+cu124
Description
A problem was found in the Quantized Sigmoid Module, specifically in the nnq Sigmoid function. The issue arises from the manipulation of the scale and zero point arguments, leading to improper initialization. The attack requires local access and is considered difficult to exploit due to its high complexity.
Recommendations
For PyTorch version 2.6.0+cu124, as a temporary workaround, consider restricting the use of the nnq Sigmoid function in the Quantized Sigmoid Module until a patch is available. Avoid manipulating the scale and zero point arguments in the affected function to minimize the risk of exploitation.
Exploit
Fix
Improper Initialization
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Pytorch