Main Vulnerability Database SB2026030561

SB2026030561 - Improper locking in PyTorch

Published: March 5, 2026

Security Bulletin ID SB2026030561

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2025-63396)

The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to the omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization. An authenticated local user with physical access to the system can exploit this vulnerability to cause a deadlock, resulting in a denial of service condition.

Remediation

Install update from vendor's website.

References

http://pytorch.com
https://github.com/Daisy2ang
https://github.com/pytorch/pytorch
https://github.com/pytorch/pytorch/issues/156563