Primary

Context

MindSpore Memory Corruption Vulnerability in FFT Functions

Vulnerability

A memory corruption vulnerability has been identified in MindSpore version 2.5.0. The issue arises in the functions 'mindspore.numpy.fft.hfftn' and 'mindspore.numpy.fft.rfft2', where improper handling of data can lead to memory corruption. This vulnerability can be exploited locally.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing a denial-of-service condition by crashing the application.

Reproduction

The vulnerability can be reproduced by calling the 'mindspore.numpy.fft.hfftn' or 'mindspore.numpy.fft.rfft2' functions in MindSpore version 2.5.0. The improper handling of data in these functions will cause a segmentation fault, crashing the application.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

3.6

remediation

0.0

relevance

0.0

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

3.6

remediation

0.0

relevance

0.0

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MindSpore Memory Corruption Vulnerability in FFT Functions

Vulnerability

Impact

Reproduction

Affected Products

MindSpore

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating