pytorch
cpe:2.3:a:linuxfoundation:pytorch:*:*:*:*:python:*:*
- <= 2.7.0
A denial-of-service vulnerability has been identified in PyTorch version 2.7.0. The issue arises when a model uses the combination of `torch.Tensor.to_sparse()` and `torch.Tensor.to_dense()` functions, and is compiled with the Inductor backend. This combination leads to a `NotImplementedError`, causing the application to crash and creating a denial-of-service condition.
Exploitation of this vulnerability causes a denial-of-service condition by crashing the application.
The vulnerability can be reproduced by creating a PyTorch model that calls `torch.Tensor.to_sparse()` and `torch.Tensor.to_dense()`. When this model is compiled using the Inductor backend, it throws a `LoweringException` with a `NotImplementedError`, indicating that the operation could not be completed. Running the model with these tensor conversion functions under the Inductor backend results in a crash.
This vulnerability has been fixed in PyTorch version 2.7.1. Users can upgrade to this version to address the issue.
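To triage a code base before upgrading, the following added example (not part of the advisory or of PyTorch) checks a version string against the affected range and statically lists functions that call both conversion methods. The helper names and the sample module are hypothetical and constructed for illustration.

```python
import ast
import re

FIXED = (2, 7, 1)  # first fixed release named in the advisory

def parse_version(v):
    """(major, minor, patch) from strings such as '2.7.0+cu126'; suffixes ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", v)
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(v):
    """True for releases in the advisory's range (<= 2.7.0)."""
    return parse_version(v) < FIXED

def sparse_dense_functions(source):
    """Sorted (line, name) of functions calling both .to_sparse() and .to_dense().
    Static only: it cannot tell whether the function is later compiled."""
    hits = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        called = {n.func.attr for n in ast.walk(fn)
                  if isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)}
        if {"to_sparse", "to_dense"} <= called:
            hits.append((fn.lineno, fn.name))
    return sorted(hits)

def audit(version, source):
    """Functions to review before upgrading; empty when the version is fixed."""
    return sparse_dense_functions(source) if is_affected(version) else []

# Constructed sample module, not taken from any real project.
SAMPLE = '''
import torch
class Net(torch.nn.Module):
    def forward(self, x):
        return x.to_sparse().to_dense()
class Plain(torch.nn.Module):
    def forward(self, x):
        return x.relu()
def helper(x):
    s = x.to_sparse()
    return s.to_dense() + 1
'''

if __name__ == "__main__":
    for ver in ("2.7.0+cu126", "2.7.1"):
        print(ver, is_affected(ver), audit(ver, SAMPLE))
```

A flagged function only matters on an affected version when it is reached through a model compiled with the Inductor backend, so treat the output as a review list rather than a verdict.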