How CVE-2025-2148 Works
This critical vulnerability in PyTorch 2.6.0+cu124 stems from improper memory handling in the `torch.ops.profiler._call_end_callbacks_on_jit_fut` function when it processes tuple arguments. Attackers can exploit the flaw by passing maliciously crafted `None` values, which leads to memory corruption. Triggering the issue is complex and requires remote execution, so successful exploitation is difficult, but it could result in arbitrary code execution or system crashes.
DailyCVE Form
Platform: PyTorch
Version: 2.6.0+cu124
Vulnerability: Memory corruption
Severity: Critical
Date: 06/23/2025
Prediction: Patch by 08/2025
What Undercode Say
```python
import torch

# Triggering the vulnerable function (PoC)
torch.ops.profiler._call_end_callbacks_on_jit_fut(None)
```
How Exploit
- Crafted `None` input triggers corruption.
- Remote code execution possible.
Protection from this CVE
- Await official patch.
- Disable vulnerable profiler features.
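To act on the mitigations above before a patch ships, the following added example (not from the original advisory or from PyTorch) statically scans Python source for calls to the flagged profiler op, resolving import aliases, and checks whether a torch version string equals the one listed here. The helper names and the sample source are hypothetical, and the version check assumes an exact match on `2.6.0+cu124`, the only version the page names.

```python
import ast
from importlib import metadata

AFFECTED_VERSION = "2.6.0+cu124"  # the only version this page lists
FLAGGED_OP = "torch.ops.profiler._call_end_callbacks_on_jit_fut"
# Constructed sample source for the scanner, not taken from any real project.
SAMPLE = '''
import torch as t
from torch.ops import profiler as p
def cleanup(fut):
    t.ops.profiler._call_end_callbacks_on_jit_fut(None)
    p._call_end_callbacks_on_jit_fut(fut)
    t.ops.profiler._record_function_enter("x")
'''

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def find_flagged_calls(source):
    """Return sorted (line, note) pairs for calls to FLAGGED_OP in source."""
    tree = ast.parse(source)
    aliases = {}  # local name -> fully qualified module path
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                aliases[a.asname or root] = a.name if a.asname else root
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    hits = []
    for node in ast.walk(tree):
        name = dotted_name(node.func) if isinstance(node, ast.Call) else None
        head, _, rest = (name or "").partition(".")
        if (aliases.get(head, head) + "." + rest).rstrip(".") == FLAGGED_OP:
            none_arg = any(isinstance(a, ast.Constant) and a.value is None for a in node.args)
            hits.append((node.lineno, "literal None argument" if none_arg else "call"))
    return sorted(hits)

def torch_is_affected(version=None):
    """True if the given (or installed) torch version equals AFFECTED_VERSION."""
    try:
        return (version or metadata.version("torch")) == AFFECTED_VERSION
    except metadata.PackageNotFoundError:
        return False
```

The scan is static, so calls built dynamically (for example through `getattr`) are not reported and still need manual review.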
Impact
- Arbitrary code execution.
- System instability.
Sources:
Reported By: nvd.nist.gov