PyTorch Unexpected Behavior Vulnerability in torch.rot90 and torch.randn_like Components

Vulnerability

A vulnerability exists in PyTorch version 2.8.0: unexpected behavior occurs when the functions torch.rot90 and torch.randn_like are used together. This can lead to incorrect results, because the output of a compiled model that uses these functions can have elements swapped compared to the output of eager execution mode.

Impact

Exploitation of this vulnerability causes silent incorrectness in the output results, leading to potential miscalculations or erroneous decisions in applications using the affected PyTorch version.

Reproduction

The vulnerability can be reproduced by creating a PyTorch model that uses the torch.rot90 function to rotate a tensor and then applies torch.randn_like to generate a tensor with the same shape and device. When this model is compiled with the PyTorch Inductor backend, the output will be incorrect, with elements swapped compared to the eager execution backend.
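
A differential check that a test suite could run on the eager and compiled outputs described above. This is an added example, not code from the advisory or from PyTorch: the function name, verdict labels and sample values are constructed for illustration, and it assumes the two runs were made comparable (for example, identically seeded) and flattened to lists of floats.

```python
import math

def classify_divergence(eager, compiled, rel_tol=1e-5, abs_tol=1e-8):
    """Compare two flattened outputs (sequences of floats).

    Returns (verdict, mismatched_indices) where verdict is one of:
      "match"     - every position agrees within tolerance
      "permuted"  - same values, different positions (swapped elements)
      "different" - the values themselves differ (or lengths/NaNs disagree)
    """
    eager, compiled = list(eager), list(compiled)
    if len(eager) != len(compiled):
        return "different", []

    def close(a, b):
        return math.isclose(a, b, rel_tol=rel_tol, abs_tol=abs_tol)

    bad = [i for i, (a, b) in enumerate(zip(eager, compiled)) if not close(a, b)]
    if not bad:
        return "match", []
    # NaN never compares close and breaks sorting, so do not try to pair it up.
    if any(math.isnan(v) for v in eager + compiled):
        return "different", bad
    # Sorting both sides removes position; equal sorted lists mean a permutation.
    same_values = all(close(a, b) for a, b in zip(sorted(eager), sorted(compiled)))
    return ("permuted" if same_values else "different"), bad

# Constructed sample data standing in for flattened model outputs.
EAGER = [0.12, -1.30, 0.85, 2.04]
SWAPPED = [0.12, 0.85, -1.30, 2.04]   # same values, two positions exchanged
DRIFTED = [0.12, -1.30, 0.85, 2.05]   # one value actually changed

if __name__ == "__main__":
    for name, out in (("eager", EAGER), ("swapped", SWAPPED), ("drifted", DRIFTED)):
        print(name, classify_divergence(EAGER, out))
```

With real tensors, pass `tensor.flatten().tolist()` for each output; a "permuted" verdict matches the swapped-element symptom, while "different" points to a numerical divergence instead.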

Remediation

Users can upgrade to the latest version of PyTorch, where this issue has been fixed.

Added: Sep 25, 2025, 4:28 PM
Updated: Sep 25, 2025, 4:28 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 5.0
remediation: 0.0
relevance: 0.6
threat: 1.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.