PT-2025-19794 · Pytorch+1 · Pytorch+1
Published 2025-05-05 · Updated 2025-05-06
CVE-2025-4287
CVSS v4.0: 4.8 (Medium)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
PyTorch version 2.6.0+cu124
Description
A vulnerability was found in PyTorch, affecting the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. This issue leads to denial of service and can be exploited on the local host. The exploit has been disclosed to the public and may be used.
Recommendations
To fix this issue, apply a patch identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. As a temporary workaround, consider disabling the torch.cuda.nccl.reduce function until a patch is available. Restrict access to the torch/cuda/nccl.py file to minimize the risk of exploitation. Avoid using the torch.cuda.nccl.reduce function in the affected API endpoint until the issue is resolved.
Exploit
Fix
DoS
Improper Resource Release
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Pytorch