PyTorch Pairwise Distance Component Incorrectly Calculates Results in Version 2.6.0

Vulnerability

A vulnerability has been identified in PyTorch's deep learning compiler, specifically in the 'torch.nn.PairwiseDistance' component when 'eager' execution is used. The issue is present in PyTorch versions through 2.6.0 and leads to incorrect calculation results. The error allows model outputs to be manipulated, which can cause models to make misguided decisions based on the flawed data.

Impact

Exploitation of this vulnerability causes deep learning models to produce incorrect outputs, which can lead to erroneous decisions in applications that rely on these models.

Reproduction

The vulnerability can be reproduced by creating a PyTorch model that includes 'torch.nn.PairwiseDistance(p=2)' and applying 'torch.compile' with the 'inductor' backend. This combination results in output discrepancies when compared to the expected results, particularly when using double-precision floating-point values as a reference.
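The comparison described above can be run as a check on an installed PyTorch build. This is an added example, not code from the advisory or from the PyTorch project: the function names, the tolerance of 1e-4 and the sample inputs are assumptions made for illustration. The double-precision reference is computed in plain Python, so the harness itself does not depend on the library under test.

```python
EPS = 1e-6  # default eps of torch.nn.PairwiseDistance

def reference_distance(x1, x2, p=2.0, eps=EPS):
    """Row-wise ||x1 - x2 + eps||_p in Python floats (IEEE double precision)."""
    return [sum(abs(a - b + eps) ** p for a, b in zip(r1, r2)) ** (1.0 / p)
            for r1, r2 in zip(x1, x2)]

def check(impl, x1, x2, tol=1e-4):
    """Return (within_tolerance, max relative error) of impl vs the reference."""
    ref = reference_distance(x1, x2)
    err = max(abs(c - r) / max(abs(r), 1e-12) for c, r in zip(impl(x1, x2), ref))
    return err <= tol, err

def torch_impls():
    """float32 eager and inductor-compiled callables; empty dict without torch."""
    try:
        import torch
    except ImportError:
        return {}
    module = torch.nn.PairwiseDistance(p=2)

    def wrap(fn):
        def run(a, b):
            t1 = torch.tensor(a, dtype=torch.float32)
            t2 = torch.tensor(b, dtype=torch.float32)
            return fn(t1, t2).tolist()
        return run

    return {"eager": wrap(module),
            "inductor": wrap(torch.compile(module, backend="inductor"))}

# Constructed sample input: ordinary values, large offsets, identical rows.
X1 = [[1.0, 2.0, 3.0], [1e3, -1e3, 0.5], [0.0, 0.0, 0.0]]
X2 = [[4.0, 6.0, 3.0], [1e3 + 1.0, -1e3, 0.25], [0.0, 0.0, 0.0]]

if __name__ == "__main__":
    impls = torch_impls()
    if not impls:
        print("torch not installed; nothing to check")
    for name, impl in impls.items():
        try:
            ok, err = check(impl, X1, X2)
            print(f"{name}: {'OK' if ok else 'MISMATCH'} (max rel err {err:.3e})")
        except Exception as exc:  # e.g. inductor needs a working C++ toolchain
            print(f"{name}: could not run ({exc})")
```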

Remediation

Users can upgrade to PyTorch version 2.7.0 or later, where this issue has been fixed.

Added: Sep 25, 2025, 3:25 PM
Updated: Sep 25, 2025, 7:29 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 0.6
exploitability: 5.8
remediation: 7.7
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.