Vulnerability Description
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Pytorch | 2.6.0\+cu124 |
Related Weaknesses (CWE)
References
- https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models
- https://github.com/pytorch/pytorch/issues/149274ExploitIssue Tracking
- https://github.com/pytorch/pytorch/issues/149274#issue-2923122269ExploitIssue Tracking
- https://vuldb.com/?ctiid.302006Permissions RequiredVDB Entry
- https://vuldb.com/?id.302006Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.521279Third Party AdvisoryVDB Entry
- https://github.com/pytorch/pytorch/issues/149274ExploitIssue Tracking
FAQ
What is CVE-2025-2953?
CVE-2025-2953 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service...
How severe is CVE-2025-2953?
CVE-2025-2953 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-2953?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Pytorch.