PyTorch
cpe:2.3:a:linuxfoundation:pytorch:*:*:*:*:python:*:*
- 2.6.0
A critical memory corruption vulnerability has been identified in PyTorch version 2.6.0. The issue arises in the function 'torch.nn.utils.rnn.unpack_sequence', where calling the function on an empty 'PackedSequence' leads to a segmentation fault, indicating an invalid memory access. This vulnerability requires local exploitation.
Exploitation of this vulnerability causes a segmentation fault, leading to a hard crash of the program.
The vulnerability can be reproduced by importing 'torch' together with the 'PackedSequence' class and the 'unpack_sequence' function from 'torch.nn.utils.rnn'. After an empty tensor is created and wrapped in an empty 'PackedSequence' with no batch sizes, calling 'unpack_sequence' on that empty 'PackedSequence' results in a segmentation fault.
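A caller-side guard for the condition described above, as an added example that is not code from PyTorch or from this advisory: it rejects an empty 'PackedSequence' before 'unpack_sequence' is reached, and goes beyond the reported case by also checking that 'batch_sizes' is consistent with 'data'. The names 'packed_sequence_problems' and 'safe_unpack_sequence' are hypothetical, and the stand-in objects in the demo are constructed.

```python
from types import SimpleNamespace


def packed_sequence_problems(packed):
    """Return the reasons `packed` is unsafe to unpack (empty list = OK).

    Duck-typed: only `.data` and `.batch_sizes` are read, so it accepts a
    torch PackedSequence as well as plain stand-ins.
    """
    if packed.data is None or packed.batch_sizes is None:
        return ["data or batch_sizes is None"]
    sizes = [int(b) for b in packed.batch_sizes]  # 1-D tensor or list
    rows = len(packed.data)                       # first dimension of data
    problems = []
    if not sizes:
        problems.append("batch_sizes is empty")
    if rows == 0:
        problems.append("data is empty")
    if any(b <= 0 for b in sizes):
        problems.append("batch_sizes contains a non-positive entry")
    if any(a < b for a, b in zip(sizes, sizes[1:])):
        problems.append("batch_sizes is not non-increasing")
    if sum(sizes) != rows:
        problems.append("sum(batch_sizes) != number of rows in data")
    return problems


def safe_unpack_sequence(packed):
    """Validate in Python first, then hand over to torch's unpack_sequence."""
    problems = packed_sequence_problems(packed)
    if problems:
        raise ValueError("refusing to unpack PackedSequence: " + "; ".join(problems))
    # Imported lazily so the validator can be used and tested without torch.
    from torch.nn.utils.rnn import unpack_sequence
    return unpack_sequence(packed)


if __name__ == "__main__":
    # Constructed stand-ins for PackedSequence objects (not real tensors).
    empty = SimpleNamespace(data=[], batch_sizes=[])
    valid = SimpleNamespace(data=[1, 2, 3, 4, 5], batch_sizes=[2, 2, 1])
    print("empty:", packed_sequence_problems(empty))
    print("valid:", packed_sequence_problems(valid))
```

With this guard in place the empty input raises a Python 'ValueError' that the caller can handle, so it never reaches 'unpack_sequence'.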