Primary

Context

PyTorch Denial-of-Service Vulnerability in Profiler Component

Vulnerability

A denial-of-service vulnerability has been identified in PyTorch versions 2.5 and 2.7.1. The issue arises when the `profiler.stop()` method is omitted, causing `torch.profiler.profile` (PythonTracer) to either crash or hang during the finalization process. This behavior leads to a segmentation fault or a prolonged hang, depending on the PyTorch version used.

Impact

The vulnerability causes a hard crash or a hang, disrupting the normal execution of the program.

Reproduction

To reproduce this vulnerability, create a `torch.profiler.profile` object and start the profiler. After performing some operations, access the profiling results with `profiler.key_averages().table()' without calling `profiler.stop()' first. In PyTorch 2.5, this will result in a segmentation fault, while in PyTorch 2.7.1, the program will hang.

Remediation

Users can avoid this vulnerability by ensuring that `profiler.stop()` is called before accessing the profiling results.

Added: Nov 12, 2025, 9:21 PM

Updated: Nov 12, 2025, 9:21 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

5.6

remediation

0.0

relevance

1.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

5.6

remediation

0.0

relevance

1.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PyTorch Denial-of-Service Vulnerability in Profiler Component

Vulnerability

Impact

Reproduction

Remediation

Affected Products

PyTorch

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating