PyTorch Bitwise Right Shift Component Incorrect Output Vulnerability

Vulnerability

A vulnerability has been identified in the bitwise_right_shift operation in PyTorch versions through 2.6.0. The issue arises when the 'other' argument is out of bounds, which leads to incorrect output. The vulnerability is present in PyTorch Inductor, a deep learning compiler component.

Impact

Exploitation of this vulnerability causes the bitwise_right_shift operation to produce incorrect results, particularly when the 'other' argument is 64. Because the error is silent, deep learning models can produce faulty outputs, and decisions based on those incorrect results may be harmful.

Reproduction

The vulnerability can be reproduced by creating a PyTorch model that uses the bitwise_right_shift operation. When the model is compiled with the Inductor and the 'other' argument is set to 64, the output will be incorrect. This issue does not occur with the CUDA version of PyTorch, which handles the out-of-bounds value correctly.
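
An added regression check for the case described above (not code from PyTorch or from this advisory): it compares a shift backend against exact integer arithmetic for shift counts up to the operand width. `masked_shift` is a constructed stand-in for a faulty backend, not a claim about Inductor's generated code, and `inductor_shift` assumes torch and a working compiler toolchain are installed.

```python
from typing import Callable, List, Sequence, Tuple

BITS = 64  # int64 operands, matching the 'other' = 64 case in the advisory


def reference_shift(x: int, n: int) -> int:
    """Exact right shift on unbounded ints; assumed here to define 'correct'."""
    return x >> n


def masked_shift(x: int, n: int) -> int:
    """Constructed faulty backend: only the low 6 bits of the count are used,
    so a shift by 64 behaves like a shift by 0."""
    return x >> (n & (BITS - 1))


def elementwise(fn: Callable[[int, int], int]):
    """Lift a scalar shift into the list-in, list-out shape used below."""
    return lambda xs, ns: [fn(x, n) for x, n in zip(xs, ns)]


def find_mismatches(shift, values: Sequence[int],
                    counts: Sequence[int]) -> List[Tuple[int, int, int, int]]:
    """Return (value, count, got, expected) for every disagreement."""
    bad = []
    for n in counts:
        got = shift(values, [n] * len(values))
        for x, g in zip(values, got):
            if g != reference_shift(x, n):
                bad.append((x, n, g, reference_shift(x, n)))
    return bad


def inductor_shift():
    """Backend under test: bitwise_right_shift compiled with Inductor.
    torch is imported lazily so the harness itself has no dependency on it."""
    import torch
    fn = torch.compile(lambda a, b: torch.bitwise_right_shift(a, b),
                       backend="inductor")

    def run(xs, ns):
        a = torch.tensor(list(xs), dtype=torch.int64)
        b = torch.tensor(list(ns), dtype=torch.int64)
        return fn(a, b).tolist()
    return run


VALUES = [1, 12345, 7, 2**62]  # constructed, non-negative sample operands
COUNTS = [0, 1, 63, 64]        # in-range counts plus the width itself
```

Running `find_mismatches(inductor_shift(), VALUES, COUNTS)` on an installed build lists any operand and count pairs whose compiled result differs from the reference; an empty list means the build agrees with it for these inputs.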

Remediation

Users can upgrade to PyTorch version 2.7.0 or later, where this vulnerability has been fixed.

Added: Sep 25, 2025, 3:21 PM
Updated: Sep 25, 2025, 7:26 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.