An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).
Attack Parameters
Attack Vector
Local
Нужен локальный доступ
Attack Complexity
Low
Легко эксплуатировать
Privileges Required
Low
Нужны базовые права
User Interaction
None
Не нужно действие пользователя
Impact Assessment
Confidentiality
None
Нет утечки данных
Integrity
None
Нет модификации данных
Availability
Low
Частичное нарушение работы
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 1
linuxfoundation:pytorch
Known Affected Software Configurations 2
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Linuxfoundation Pytorch
cpe:2.3:a:linuxfoundation:pytorch:2.5.0:-:*:*:*:python:*:*
|
— | — |
|
Linuxfoundation Pytorch
cpe:2.3:a:linuxfoundation:pytorch:2.7.1:-:*:*:*:python:*:*
|
— | — |