CVE-2025-3136

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
linuxfoundationpytorch
2.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/pytorch/pytorch/issues/149821
https://github.com/pytorch/pytorch/issues/149821#issue-2940838975
https://github.com/pytorch/pytorch/issues/149821#issuecomment-2765311086
https://vuldb.com/?ctiid.303041
https://vuldb.com/?id.303041
https://vuldb.com/?submit.525252
https://github.com/ARPANET-cybersecurity/vuldb/issues/2