CVE-2025-2148

Name: CVE-2025-2148
Description: A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1102219

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package    Release    Version          Status
pytorch (PTS)     bullseye   1.7.1-7          vulnerable
pytorch           bookworm   1.13.1+dfsg-4    vulnerable
pytorch           trixie     2.6.0+dfsg-5     vulnerable
pytorch           sid        2.6.0+dfsg-7     vulnerable

The information below is based on the following data on fixed versions.

Package    Type     Release      Fixed Version    Urgency    Origin    Debian Bugs
pytorch    source   (unstable)   (unfixed)        -          -         1102219

Notes

[bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue)
https://github.com/pytorch/pytorch/issues/147722
