Primary

Context

MindSpore Memory Corruption Vulnerability in FFT Functions

Vulnerability

A memory corruption vulnerability has been identified in MindSpore version 2.5.0. The issue arises in the 'mindspore.numpy.fft.rfft2' and 'mindspore.numpy.fft.hfftn' functions, where improper handling of input can lead to segmentation faults, causing a denial-of-service condition. This vulnerability must be exploited locally.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing a denial-of-service condition by crashing the application.

Reproduction

The vulnerability can be reproduced by importing the 'mindspore.numpy' module and creating a tensor with the 'randint' function. The 'hfftn' function can be called with an empty 'axes' parameter, which will trigger a segmentation fault. Similarly, the 'rfft2' function can be called with a tensor created in the same manner, also resulting in a segmentation fault.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MindSpore Memory Corruption Vulnerability in FFT Functions

Vulnerability

Impact

Reproduction

Affected Products

MindSpore

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating