CVE-2025-46153
[CVE ID]
CVE-2025-46153

[Description]
An issue in PyTorch v2.6.0, fixed in v2.7.0, allows a remote attacker to execute arbitrary code via the torch.nn.Dropout1d, torch.nn.Dropout2d, and torch.nn.Dropout3d components.

[Additional Information]
Developers in the PyTorch community have confirmed this vulnerability and fixed it (https://github.com/pytorch/pytorch/pull/143460) in the latest version of PyTorch.

[VulnerabilityType Other]
Incorrect Calculation

[Vendor of Product]
https://github.com/pytorch/pytorch

[Affected Product Code Base]
PyTorch - Affected in v2.6.0. Fixed in v2.7.0

[Affected Component]
PyTorch APIs: torch.nn.Dropout1d, torch.nn.Dropout2d, and torch.nn.Dropout3d

[Attack Type]
Remote

[Attack Vectors]
Attackers ask users to compile the PyTorch model. `torch.nn.Dropout1d` outputs incorrect results after torch.compile() is used, even when config.fallback_random = True is set. More details can be found in https://github.com/pytorch/pytorch/issues/142853

[Reference]
https://github.com/pytorch/pytorch/issues/142853
https://github.com/pytorch/pytorch/pull/143460
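
An added example, not part of the original gist or of PyTorch: a static audit that flags Python source combining `torch.compile` with the Dropout1d/2d/3d modules named in this record when the pinned torch version falls in the affected range. Treating every release from 2.6.0 up to, but not including, 2.7.0 as affected is an assumption (the record names only v2.6.0), and all function names are hypothetical.

```python
import ast
import re

AFFECTED = (2, 6, 0)   # from the record: affected in v2.6.0
FIXED = (2, 7, 0)      # from the record: fixed in v2.7.0
DROPOUT_APIS = {"Dropout1d", "Dropout2d", "Dropout3d"}

# Constructed sample input, not taken from the PyTorch issue.
SAMPLE = '''
import torch
drop = torch.nn.Dropout1d(p=0.5)
model = torch.compile(torch.nn.Sequential(drop))
'''

def parse_release(version):
    """Release tuple of a version string; local labels like '+cu124' are ignored."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", version)
    return tuple(int(p or 0) for p in m.groups()) if m else None

def version_affected(version):
    # Assumption: [2.6.0, 2.7.0) is affected; unparsable versions are not flagged.
    rel = parse_release(version)
    return rel is not None and AFFECTED <= rel < FIXED

def dotted_name(node):
    """Rebuild 'a.b.c' from nested Attribute/Name nodes."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))

def scan_source(source):
    """Return sorted (lineno, name) hits for the Dropout APIs and torch.compile."""
    dropout, compiled = set(), set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Attribute, ast.Name)):
            name = dotted_name(node)
            if name.rsplit(".", 1)[-1] in DROPOUT_APIS:
                dropout.add((node.lineno, name))
            elif name == "torch.compile":
                compiled.add((node.lineno, name))
    return sorted(dropout), sorted(compiled)

def audit(source, torch_version):
    dropout, compiled = scan_source(source)
    hit = version_affected(torch_version)
    return {"version_affected": hit, "dropout": dropout, "compiled": compiled,
            "exposed": hit and bool(dropout and compiled)}
```

The scan matches `torch.compile` only by its dotted name, so `from torch import compile` or aliased imports need an extra pass.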