SB2026030561 - Improper locking in PyTorch
Published: March 5, 2026
Security Bulletin ID
SB2026030561
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Partial DoS
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper locking (CVE-ID: CVE-2025-63396)
CWE-ID: CWE-667 - Improper Locking
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.
The vulnerability exists due to the omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization. An authenticated local user with physical access to the system can exploit this vulnerability to cause a deadlock, resulting in a denial of service condition.
Remediation
Install update from vendor's website.