PyTorch Buffer Overflow Vulnerability in Inductor Compiler Leading to Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in PyTorch version 2.7.0. This issue arises when a model includes the components 'torch.nn.Conv2d', 'torch.nn.functional.hardshrink', and 'torch.Tensor.view' combined with 'torch.mv()', and is compiled using the Inductor backend. The vulnerability results in a denial-of-service condition by causing a system crash during the model's execution.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the system to crash.

Reproduction

The vulnerability can be reproduced by creating a PyTorch model that includes 'torch.nn.Conv2d', 'torch.nn.functional.hardshrink', and 'torch.Tensor.view' combined with 'torch.mv()'. Once the model is prepared, it should be compiled using the Inductor backend. When the model is executed, the buffer overflow will occur, leading to a crash.

Remediation

This vulnerability has been fixed in the latest version of PyTorch. Users should update to the version that includes the fix.
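A pre-compile guard for the op chain named in the Reproduction and Remediation sections, added here as an example and not taken from the advisory or from PyTorch itself. It assumes the affected release is exactly 2.7.0 (the only version the advisory names) and uses a simplified stand-in for torch.fx nodes (name, target, input node names) so it runs without torch installed.

```python
# Added pre-compile guard (not from the advisory): refuse torch.compile(backend="inductor")
# when the advisory's op chain is present on the affected release. The graph format is a
# simplified stand-in for torch.fx nodes: (name, target, names of input nodes).
import re
from collections import namedtuple

Node = namedtuple("Node", "name target inputs")
AFFECTED_CHAIN = ("conv2d", "hardshrink", "view", "mv")  # order follows the data flow
AFFECTED_VERSIONS = {(2, 7, 0)}  # only release named in the advisory (assumption)

def is_affected_version(v):
    core = v.split("+")[0]  # drop local build tags such as "+cu126"
    return tuple(int(p) for p in re.findall(r"\d+", core)[:3]) in AFFECTED_VERSIONS

def reaches(by_name, src, dst):
    """True if node `src`'s output flows, possibly transitively, into node `dst`."""
    stack, seen = list(dst.inputs), set()
    while stack:
        cur = stack.pop()
        if cur == src:
            return True
        if cur not in seen and cur in by_name:
            seen.add(cur)
            stack.extend(by_name[cur].inputs)
    return False

def affected_chain(graph):
    """Names of nodes forming conv2d -> hardshrink -> view -> mv by data flow, or None."""
    by_name = {n.name: n for n in graph}
    def match(i, prev):
        if i == len(AFFECTED_CHAIN):
            return []
        for n in graph:
            if n.target == AFFECTED_CHAIN[i] and (prev is None or reaches(by_name, prev, n)):
                rest = match(i + 1, n.name)
                if rest is not None:
                    return [n.name] + rest
        return None
    return match(0, None)

def safe_to_compile(torch_version, graph):
    return not (is_affected_version(torch_version) and affected_chain(graph))

# Constructed graphs: the advisory's pattern, and the same ops without the view -> mv edge.
RISKY = [Node("x", "placeholder", ()), Node("w", "placeholder", ()),
         Node("c", "conv2d", ("x",)), Node("h", "hardshrink", ("c",)),
         Node("v", "view", ("h",)), Node("out", "mv", ("v", "w"))]
UNLINKED = RISKY[:-1] + [Node("out", "mv", ("x", "w"))]
```

Because the match follows data flow rather than mere op presence, a model that merely contains all four ops without the view output feeding mv is not flagged; a real trace from torch.fx.symbolic_trace can be mapped to this node form before the check.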

Added: Sep 25, 2025, 4:23 PM
Updated: Sep 25, 2025, 4:23 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 0.6
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.