PyTorch Denial-of-Service Vulnerability in torch.linalg.lu Component

Vulnerability

A denial-of-service vulnerability has been identified in PyTorch version 2.8.0 within the torch.linalg.lu component. This issue arises when performing slice operations, which the function does not handle properly, leading to errors and potential application crashes. The vulnerability was reported by a community member and is considered high priority.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, where the application crashes or becomes unresponsive.

Reproduction

The vulnerability can be reproduced by compiling a PyTorch model that uses the torch.linalg.lu function with the Inductor compiler, and attempting to perform a slice operation on the output. This will result in a TypeError, indicating that the function cannot process the slice as expected.
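One way to keep a compile-time failure like this from taking the application down is to fall back to eager execution. The following is an added example, not code from PyTorch or from this advisory, and it generalizes beyond torch.linalg.lu to any compiled function; guard_compiled and its compiler parameter are hypothetical names, and compiler defaults to torch.compile.

```python
import logging

log = logging.getLogger("compile_guard")


def guard_compiled(fn, warmup_args=None, compiler=None):
    """Wrap fn so a failure in the compiled path degrades to eager execution."""
    if compiler is None:
        import torch  # lazy import: only needed when no compiler is injected
        compiler = torch.compile  # Inductor is torch.compile's default backend
    state = {"impl": None, "fallback_reason": None}

    def use_eager(exc):
        state["impl"], state["fallback_reason"] = fn, repr(exc)
        log.warning("compiled path disabled for %s: %r",
                    getattr(fn, "__name__", fn), exc)

    try:
        state["impl"] = compiler(fn)
        if warmup_args is not None:
            # torch.compile is lazy: tracing and code generation run on the
            # first call, so trigger them at startup, not on a live request.
            state["impl"](*warmup_args)
    except Exception as exc:
        use_eager(exc)

    def guarded(*args, **kwargs):
        if state["impl"] is fn:
            return fn(*args, **kwargs)
        try:
            return state["impl"](*args, **kwargs)
        except Exception as exc:
            # New input shapes can trigger recompilation, so a compile error
            # may surface late. Re-running in eager mode re-raises any error
            # that is genuinely fn's own.
            use_eager(exc)
            return fn(*args, **kwargs)

    guarded.state = state  # exposed so callers can alert on fallback_reason
    return guarded
```

Pass a representative input as warmup_args so the failure is seen at startup, and alert on the logged warning, since the fallback trades the crash for slower eager execution.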

Added: Sep 25, 2025, 3:17 PM
Updated: Sep 25, 2025, 3:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.7
remediation: 0.0
relevance: 0.6
threat: 1.6
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.