- Description
- A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.
- Source
- cna@vuldb.com
- NVD status
- Modified
- CNA Tags
- disputed
CVSS 4.0
- Type
- Secondary
- Base score
- 4.8
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Secondary
- Base score
- 1.7
- Impact score
- 2.9
- Exploitability score
- 3.1
- Vector string
- AV:L/AC:L/Au:S/C:N/I:N/A:P
- cna@vuldb.com
- CWE-404
- Hype score
- Not currently trending
CVE-2025-2953 Local Denial of Service Vulnerability in PyTorch 2.6.0+cu124 Torch... https://t.co/HAZQj78XK2 Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
30 Mar 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2953 A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipul… https://t.co/A2OWamy7MV
@CVEnew
30 Mar 2025
514 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:pytorch:2.6.0\\+cu124:*:*:*:*:python:*:*",
"vulnerable": true,
"matchCriteriaId": "856CF4AA-00F8-4BBF-BF25-B128CEFE7DFC"
}
],
"operator": "OR"
}
]
}
]