A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS). — CVE-2025-55558

Zusammenfassung

Sicherheitshinweis CVE-2025-55558. A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and… Hersteller: Microsoft. Quelle: MSRC. Risiko: high. CVSS 7.5. Details in…

Was tun?

Allgemeine, vorsichtige Schritte (bitte prüfe die offizielle Quelle für Details):

• Priorisiere sofort Patches oder Mitigations (hohes akutes Risiko).
• Identifiziere betroffene Produktversionen und prüfe, ob du betroffen bist.
• Spiele Hersteller-Updates/Patches ein oder setze empfohlene Mitigations um.
• Lies das offizielle Advisory für betroffene Versionen und konkrete Schritte.

Offizielles Advisory

Zur offiziellen Quelle

Mehr dazu

• A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). CVE-2025-55557
• A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). CVE-2025-55553
• Agentic AI and Visual Studio Code Remote Code Execution Vulnerability CVE-2025-55319
• ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control CVE-2025-39751
• ALSA: usb-audio: Validate UAC3 cluster segment descriptors CVE-2025-39757
• ALSA: usb-audio: Validate UAC3 power domain descriptors, too CVE-2025-38729
• An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. CVE-2025-55560
• An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. CVE-2025-55551
• Arbitary Code execution in Keras load_model() CVE-2025-9905
• Arbitrary Code execution in Keras Safe Mode CVE-2025-9906
• atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). CVE-2025-39828
• Axios is vulnerable to DoS attack through lack of data size check CVE-2025-58754