CVE-2025-3136
Severity CVSS v4.0:
MEDIUM
Type:
CWE-119
Buffer Errors
Publication date:
03/04/2025
Last modified:
28/05/2025
Description
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Impact
Base Score 4.0
4.80
Severity 4.0
MEDIUM
Base Score 3.x
3.30
Severity 3.x
LOW
Base Score 2.0
1.70
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:linuxfoundation:pytorch:2.6.0:-:*:*:*:python:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/pytorch/pytorch/issues/149821
- https://github.com/pytorch/pytorch/issues/149821#issue-2940838975
- https://github.com/pytorch/pytorch/issues/149821#issuecomment-2765311086
- https://vuldb.com/?ctiid_303041=
- https://vuldb.com/?id_303041=
- https://vuldb.com/?submit_525252=
- https://github.com/ARPANET-cybersecurity/vuldb/issues/2



