SB2024081325 - Multiple vulnerabilities in PyTorch
Published: August 13, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2024-31580)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in component /runtime/vararg_functions.cpp. A local user can pass specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
2) Out-of-bounds read (CVE-ID: CVE-2024-31584)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in torch/csrc/jit/mobile/flatbuffer_loader.cpp. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
3) Use-after-free (CVE-ID: CVE-2024-31583)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in torch/csrc/jit/mobile/interpreter.cpp. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
- https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d
- https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6
- https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/flatbuffer_loader.cpp#L305
- https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
- https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/interpreter.cpp#L132
- https://gist.github.com/1047524396/43e19a41f2b36503a4a228c32cdbc176