Описание
A flaw was found in PyTorch. This vulnerability allows an attacker to execute arbitrary code remotely via a maliciously crafted serialized PythonUDF object.
Отчет
This CVE has been rejected because it describes known functionality of PyTorch.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Lightspeed | openshift-lightspeed-tech-preview/lightspeed-service-api-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-amd-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-aws-nvidia-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-azure-amd-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-azure-nvidia-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-gcp-nvidia-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-ibm-nvidia-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-intel-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-nvidia-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/docling-serve-rhel9 | Not affected |
Показывать по
10
Дополнительная информация
Дефект:
CWE-502
https://bugzilla.redhat.com/show_bug.cgi?id=2353598pytorch: Deserialization of Untrusted Data in pytorch/pytorch
2.6 Low
CVSS3
Связанные уязвимости
ubuntu
10 месяцев назад
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
nvd
10 месяцев назад
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVSS3: 9.8
github
10 месяцев назад
Withdrawn Advisory: PyTorch deserialization vulnerability
2.6 Low
CVSS3