PyTorch
cpe:2.3:a:linuxfoundation:pytorch:*:*:*:*:python:*:*
- 2.6.0
A critical memory corruption vulnerability has been identified in PyTorch version 2.6.0, specifically within the 'torch.lstm_cell' function. This vulnerability leads to a segmentation fault, causing a hard crash instead of a runtime error. The issue arises when the function is called with improperly sized tensors, allowing for local exploitation.
Exploitation of this vulnerability causes a segmentation fault, leading to a hard crash of the application.
The vulnerability can be reproduced by calling the 'torch.lstm_cell' function with empty input tensors for 'inp', 'hx', and 'cx', and with excessively large values in the weight tensors 'w_ih' and 'w_hh'. This combination of parameters triggers the segmentation fault.
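A caller-side guard for the condition described above, as an added example (not code from PyTorch or from this advisory): it rejects empty or mismatched arguments in Python before they reach native code. The shape contract it enforces (batched 2-D inputs, four stacked gates in the weights) is an assumption taken from the documented LSTMCell layout, and the names check_lstm_cell_args, LSTMCellShapeError and stub are hypothetical. It checks shapes only, not the magnitude of the weight values.

```python
from types import SimpleNamespace


class LSTMCellShapeError(ValueError):
    """Arguments do not satisfy the shape contract assumed for lstm_cell."""


def _dims(name, tensor, ndim):
    # Works on anything exposing .shape (torch.Tensor, numpy array, test stub).
    shape = tuple(int(d) for d in tensor.shape)
    if len(shape) != ndim:
        raise LSTMCellShapeError(f"{name}: expected {ndim}-D, got {shape}")
    if 0 in shape:
        raise LSTMCellShapeError(f"{name}: empty tensor {shape}")
    return shape


def check_lstm_cell_args(inp, hx, cx, w_ih, w_hh, b_ih=None, b_hh=None):
    """Return (batch, input_size, hidden_size) or raise LSTMCellShapeError."""
    batch, input_size = _dims("inp", inp, 2)
    hx_shape = _dims("hx", hx, 2)
    hidden = hx_shape[1]
    if hx_shape[0] != batch or _dims("cx", cx, 2) != hx_shape:
        raise LSTMCellShapeError("hx and cx must both be (batch, hidden_size)")
    gates = 4 * hidden  # input, forget, cell and output gates stacked row-wise
    if _dims("w_ih", w_ih, 2) != (gates, input_size):
        raise LSTMCellShapeError("w_ih must be (4*hidden_size, input_size)")
    if _dims("w_hh", w_hh, 2) != (gates, hidden):
        raise LSTMCellShapeError("w_hh must be (4*hidden_size, hidden_size)")
    for name, bias in (("b_ih", b_ih), ("b_hh", b_hh)):
        if bias is not None and _dims(name, bias, 1) != (gates,):
            raise LSTMCellShapeError(f"{name} must be (4*hidden_size,)")
    return batch, input_size, hidden


def stub(*shape):
    # Constructed stand-in for a tensor; only .shape is inspected.
    return SimpleNamespace(shape=shape)
```

Call it immediately before torch.lstm_cell(inp, (hx, cx), w_ih, w_hh, b_ih, b_hh) wherever an argument is derived from untrusted input, so a malformed call surfaces as a Python exception.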