CVE-2025-2953: PyTorch susceptible to local Denial of Service
(updated )
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
References
- github.com/advisories/GHSA-3749-ghw9-m3mg
- github.com/pytorch/pytorch
- github.com/pytorch/pytorch/blob/main/SECURITY.md
- github.com/pytorch/pytorch/issues/149274
- github.com/pytorch/pytorch/issues/149274
- nvd.nist.gov/vuln/detail/CVE-2025-2953
- vuldb.com/?ctiid.302006
- vuldb.com/?id.302006
- vuldb.com/?submit.521279
Code Behaviors & Features
Detect and mitigate CVE-2025-2953 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →