PyTorch Syntax Error in Proxy Tensor Component Leading to Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in PyTorch version 2.7.0, specifically within the 'proxy_tensor.py' component. The issue arises from a syntax error when the 'torch.Tensor.random_()' method is used, particularly in conjunction with the PyTorch compiler, Inductor. This error can cause a system crash, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a syntax error that disrupts normal operations, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by compiling a PyTorch model that includes the 'torch.Tensor.random_()' method using the Inductor backend. This will trigger a syntax error in the 'proxy_tensor.py' file, causing the model compilation to fail.

Remediation

This vulnerability has been fixed in the latest version of PyTorch. Users should update to the patched version.
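A defender-side check for the Reproduction and Remediation steps above, as an added example that is not from this advisory or from the PyTorch project: it compares the installed version with the affected 2.7.0 and runs the compile in a child process so that a failure cannot crash the caller. The probe body, the exit code 3 convention and all function names are assumptions made for this example.

```python
import re
import subprocess
import sys
from importlib import metadata

AFFECTED = (2, 7, 0)  # the only affected release the advisory names

# Child-process probe (assumed minimal trigger): compile a function that calls
# Tensor.random_() with the Inductor backend. Exit code 3 means torch is absent.
PROBE = """
import sys
try:
    import torch
except ImportError:
    sys.exit(3)
def fill(x):
    return x.random_()
torch.compile(fill, backend="inductor")(torch.empty(4))
"""

def release_of(version):
    """(major, minor, patch) of a final release like '2.7.0+cu126'; None for pre-releases."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:\+[\w.]+)?", version.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version):
    return release_of(version) == AFFECTED

def classify(returncode, stderr_text):
    """Map the child's exit status and stderr to a short verdict."""
    verdicts = {0: "ok", 3: "torch-not-installed"}
    if returncode in verdicts:
        return verdicts[returncode]
    lines = stderr_text.strip().splitlines()
    return "failed: " + (lines[-1] if lines else f"exit {returncode}")

def run_probe(timeout=600):
    """Run PROBE in a separate interpreter so a crash cannot take down the caller."""
    try:
        proc = subprocess.run([sys.executable, "-c", PROBE], capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"
    return classify(proc.returncode, proc.stderr)

if __name__ == "__main__":
    try:
        print("affected version:", is_affected(metadata.version("torch")))
    except metadata.PackageNotFoundError:
        print("torch is not installed")
    print("probe:", run_probe())
```

Run it before and after upgrading: a probe result of `ok` on the new build confirms that the compile no longer fails in that environment.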

Added: Sep 25, 2025, 4:27 PM
Updated: Sep 25, 2025, 4:27 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 0.6
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.