Description
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through a pull request but has not reacted yet.
A flaw was found in PyTorch. A local user can exploit a deserialization vulnerability within an unknown function of the pt2 Loading Handler component. This flaw could allow for information disclosure, data manipulation, or denial of service.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat AI Inference Server | rhaiis/vllm-cpu-rhel9 | Not affected | ||
| Red Hat AI Inference Server | rhaiis/vllm-cuda-rhel9 | Not affected | ||
| Red Hat AI Inference Server | rhaiis/vllm-rocm-rhel9 | Not affected | ||
| Red Hat AI Inference Server | rhaiis/vllm-tpu-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-aws-cuda-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-azure-cuda-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-azure-rocm-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-cuda-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-gcp-cuda-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-rocm-rhel9 | Not affected | ||
Additional information
Status:
EPSS
CVSS3: 5.3 Medium
Related vulnerabilities
Vulnerability in the pt2 Loading Handler component of the PyTorch machine learning framework that allows an attacker to execute arbitrary code