PyTorch, Denial of Service, CVE-2025-2953 (Medium)

Listen to this Post

The CVE-2025-2953 vulnerability in PyTorch 2.6.0+cu124 arises due to improper handling of input tensors in the `torch.mkldnn_max_pool2d` function. When processing specially crafted input tensors with invalid dimensions or malformed data, the function fails to perform adequate bounds checking, leading to a segmentation fault or abrupt termination. This results in a local denial-of-service (DoS) condition, disrupting the execution of PyTorch-based applications. Attackers exploiting this vulnerability must have local access to the target system. The issue stems from insufficient validation in the MKLDNN backend integration, which mishandles edge cases during max-pooling operations.

DailyCVE Form:

Platform: PyTorch
Version: 2.6.0+cu124
Vulnerability: DoS
Severity: Medium
Date: 04/15/2025

What Undercode Say:

Analytics:

  • Exploit requires local access.
  • Impacts ML inference pipelines.
  • Patch available in PyTorch 2.6.1.

Exploit Command:

import torch
malicious_tensor = torch.randn(1, 3, 256, 256, device='cpu')
torch.mkldnn_max_pool2d(malicious_tensor, kernel_size=(999999, 999999)) Triggers crash

Protection Code:

def safe_max_pool2d(input_tensor, kernel_size):
if any(ks <= 0 or ks > input_tensor.size(i+2) for i, ks in enumerate(kernel_size)):
raise ValueError("Invalid kernel_size")
return torch.mkldnn_max_pool2d(input_tensor, kernel_size)

Mitigation Steps:

1. Update to PyTorch 2.6.1.

2. Validate input tensors before pooling.

3. Restrict local user privileges.

Debugging Command:

gdb -ex r --args python3 exploit_script.py Capture crash stacktrace

Patch Reference:

PyTorch patch snippet
- output = mkldnn_max_pool2d(input);
+ if (input.dim() != 4) {
+ throw std::runtime_error("Invalid input dimensions");
+ }

Log Monitoring:

grep -i "segfault" /var/log/syslog Detect exploitation attempts

Workaround:

os.environ['USE_MKLDNN'] = '0' Disable MKLDNN backend

Impact Assessment:

  • Critical for real-time ML systems.
  • Low risk for cloud-hosted models.
    [bash]

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Scroll to Top