PyTorch Memory Corruption Vulnerability in JIT Module Loading Function

A memory corruption vulnerability has been identified in PyTorch version 2.6.0. The issue arises in the function 'torch.jit.jit_module_from_flatbuffer', where improper handling of input leads to memory being accessed outside of its intended boundaries. This vulnerability requires local access to exploit and has been publicly disclosed, with a proof-of-concept available.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing a denial-of-service condition by crashing the application.

Reproduction

The vulnerability can be reproduced by creating a simple neural network model using PyTorch's 'nn.Sequential' module. After scripting the model with 'torch.jit.script', it is saved to a Flatbuffer file using 'torch.jit.save_jit_module_to_flatbuffer'. The model is then loaded back from the Flatbuffer file with 'torch.jit.jit_module_from_flatbuffer' and a sample input tensor is passed to it. This process triggers a segmentation fault, indicating a memory corruption issue.