Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-2953

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.

Published

2025-03-30T16:15:14.380

Last Modified

2025-04-22T12:15:16.043

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:N/I:N/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

3.1

Impact Score

2.9

Weaknesses

Type: Primary
CWE-404

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	linuxfoundation	pytorch	2.6.0\+cu124	Yes

References

https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models ([email protected])
https://github.com/pytorch/pytorch/issues/149274 Exploit, Issue Tracking ([email protected])
https://github.com/pytorch/pytorch/issues/149274#issue-2923122269 Exploit, Issue Tracking ([email protected])
https://vuldb.com/?ctiid.302006 Permissions Required, VDB Entry ([email protected])
https://vuldb.com/?id.302006 Third Party Advisory, VDB Entry ([email protected])
https://vuldb.com/?submit.521279 Third Party Advisory, VDB Entry ([email protected])
https://github.com/pytorch/pytorch/issues/149274 Exploit, Issue Tracking (134c704f-9b21-4f2e-91b3-4a467353bcc0)