PyTorch Bernoulli Decomposition Vulnerability in Dropout Layers Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in PyTorch versions through 2.6.0 in the handling of dropout layers. The issue arises from the bernoulli_p decomposition function, which is not fully consistent with the eager CPU implementation. This inconsistency affects the nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d layers when the fallback_random option is enabled. As a result, a remote attacker could exploit this vulnerability to execute arbitrary code by manipulating the behavior of these dropout functions.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the system where the affected PyTorch version is running.

Reproduction

The vulnerability can be reproduced by setting the 'config.fallback_random' option to True and then using the 'torch.nn.Dropout' layers in a compiled PyTorch model. The output will be incorrect compared to the expected results, demonstrating the inconsistency introduced by the faulty decomposition.
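The following is an added consistency check, not code from the advisory or from the PyTorch project: it runs a Dropout2d layer once in eager mode and once under torch.compile with the random-number fallback enabled, using the same seed for both, and reports how far the two outputs diverge. The option name torch._inductor.config.fallback_random, the use of torch.compile as the compiled path, and the input shape are assumptions not stated on the page; the summary helpers work on plain Python lists so the check can be unit-tested without PyTorch installed.

```python
"""Eager-vs-compiled dropout consistency check (added example, not from the advisory).

Assumptions not stated on the page: the option is torch._inductor.config.fallback_random,
the compiled path is torch.compile, and seeding both runs identically should make the
eager and compiled outputs agree when the fallback is in use.
"""
from typing import Dict, Optional, Sequence


def max_abs_diff(a: Sequence[float], b: Sequence[float]) -> float:
    """Largest element-wise |a_i - b_i| between two equal-length flat sequences."""
    if len(a) != len(b):
        raise ValueError(f"length mismatch: {len(a)} vs {len(b)}")
    return max((abs(x - y) for x, y in zip(a, b)), default=0.0)


def classify_mismatch(eager: Sequence[float], compiled: Sequence[float],
                      atol: float = 1e-6) -> Dict[str, object]:
    """Summarise how a compiled output deviates from the eager reference.

    Dropout either zeroes an element or scales it by 1/(1-p), so a position where
    exactly one of the two outputs is zero means the two paths drew different
    masks; any other difference is a scaling or value error.
    """
    diff = max_abs_diff(eager, compiled)
    mask_mismatches = sum(1 for x, y in zip(eager, compiled) if (x == 0.0) != (y == 0.0))
    return {
        "max_abs_diff": diff,
        "mask_mismatches": mask_mismatches,
        "consistent": diff <= atol,
    }


def check_dropout_consistency(p: float = 0.5, seed: int = 0,
                              atol: float = 1e-6) -> Optional[Dict[str, object]]:
    """Run nn.Dropout2d eagerly and under torch.compile with fallback_random enabled.

    Returns None when PyTorch is not installed; otherwise the classify_mismatch summary.
    A non-consistent result on a given build is the behaviour the advisory describes.
    """
    try:
        import torch
        import torch._inductor.config as inductor_config  # assumed location of the option
    except ImportError:
        return None

    inductor_config.fallback_random = True  # page names this only as 'config.fallback_random'
    layer = torch.nn.Dropout2d(p=p)
    layer.train()  # dropout is the identity in eval mode, so train mode is required
    x = torch.ones(2, 3, 4, 4)  # constructed input: N=2, C=3, H=W=4

    torch.manual_seed(seed)
    eager_out = layer(x)

    compiled_layer = torch.compile(layer)
    torch.manual_seed(seed)  # same seed so both paths should draw the same mask
    compiled_out = compiled_layer(x)

    return classify_mismatch(eager_out.flatten().tolist(),
                             compiled_out.flatten().tolist(), atol)


if __name__ == "__main__":
    result = check_dropout_consistency()
    print("torch not installed" if result is None else result)
```

Run it on the installed build before and after upgrading: a result with consistent set to False and a non-zero mask_mismatches count is the eager/compiled divergence the advisory describes, and the same script doubles as a regression test once the fixed version is in place.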

Remediation

Users can upgrade to PyTorch version 2.7.0 or later, where this vulnerability has been fixed.

Added: Sep 25, 2025, 3:20 PM
Updated: Sep 25, 2025, 7:25 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 7.5
exploitability: 5.0
remediation: 7.7
relevance: 0.5
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.