SB2025051246 - Buffer overflow in PyTorch
Published: May 12, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2025-3136)
The vulnerability allows a local user to cause memory corruption.
The vulnerability exists in the function torch.cuda.memory.caching_allocator_delete in the file c10/cuda/CUDACachingAllocator.cpp. A local user can trigger it to corrupt memory.
Remediation
Install the update from the vendor's website.
References
- https://github.com/ARPANET-cybersecurity/vuldb/issues/2
- https://github.com/pytorch/pytorch/issues/149821
- https://github.com/pytorch/pytorch/issues/149821#issue-2940838975
- https://github.com/pytorch/pytorch/issues/149821#issuecomment-2765311086
- https://vuldb.com/?ctiid.303041
- https://vuldb.com/?id.303041
- https://vuldb.com/?submit.525252