Vulnerabilities > CVE-2025-2953 - Unspecified vulnerability in Linuxfoundation Pytorch 2.6.0+Cu124

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

linuxfoundation

NVD

Published: 2025-03-30

Updated: 2025-04-22

Summary

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.

Vulnerable Configurations

Part	Description	Count
Application	Linuxfoundation Linuxfoundation Pytorch 2.6.0\+Cu124	1

References

https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models
https://github.com/pytorch/pytorch/issues/149274
https://github.com/pytorch/pytorch/issues/149274
https://github.com/pytorch/pytorch/issues/149274#issue-2923122269
https://vuldb.com/?ctiid.302006
https://vuldb.com/?id.302006
https://vuldb.com/?submit.521279