CVE-2025-4287

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-4287

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-4287.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-4287

Related

UBUNTU-CVE-2025-4287

Published

2025-05-05T20:15:22Z

Modified

2025-05-19T09:51:45.364661Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue.

References

Affected packages

Debian:11 / pytorch

Package

Name: pytorch
Purl: pkg:deb/debian/pytorch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.1-7

1.8.1-1

1.8.1-2

1.8.1-3

1.8.1-4

1.8.1-5

1.12.0~rc1-1

1.12.0-1

1.12.1-1

1.13.1+dfsg-1

1.13.1+dfsg-2

1.13.1+dfsg-3

1.13.1+dfsg-4

1.13.1+dfsg-5

2.*

2.0.1+dfsg-1~exp1

2.0.1+dfsg-1

2.0.1+dfsg-2

2.0.1+dfsg-4

2.0.1+dfsg-5

2.1.2+dfsg-1

2.1.2+dfsg-2

2.1.2+dfsg-4

2.4.1-1

2.4.1-3

2.4.1-4

2.5.0+dfsg-1

2.5.1+dfsg-1

2.5.1+dfsg-3

2.5.1+dfsg-4

2.6.0~rc9+dfsg-1~exp1

2.6.0+dfsg-1~exp1

2.6.0+dfsg-1

2.6.0+dfsg-2

2.6.0+dfsg-3

2.6.0+dfsg-4

2.6.0+dfsg-5

2.6.0+dfsg-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pytorch

Package

Name: pytorch
Purl: pkg:deb/debian/pytorch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.13.1+dfsg-4

1.13.1+dfsg-5

2.*

2.0.1+dfsg-1~exp1

2.0.1+dfsg-1

2.0.1+dfsg-2

2.0.1+dfsg-4

2.0.1+dfsg-5

2.1.2+dfsg-1

2.1.2+dfsg-2

2.1.2+dfsg-4

2.4.1-1

2.4.1-3

2.4.1-4

2.5.0+dfsg-1

2.5.1+dfsg-1

2.5.1+dfsg-3

2.5.1+dfsg-4

2.6.0~rc9+dfsg-1~exp1

2.6.0+dfsg-1~exp1

2.6.0+dfsg-1

2.6.0+dfsg-2

2.6.0+dfsg-3

2.6.0+dfsg-4

2.6.0+dfsg-5

2.6.0+dfsg-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pytorch

Package

Name: pytorch
Purl: pkg:deb/debian/pytorch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.13.1+dfsg-4

1.13.1+dfsg-5

2.*

2.0.1+dfsg-1~exp1

2.0.1+dfsg-1

2.0.1+dfsg-2

2.0.1+dfsg-4

2.0.1+dfsg-5

2.1.2+dfsg-1

2.1.2+dfsg-2

2.1.2+dfsg-4

2.4.1-1

2.4.1-3

2.4.1-4

2.5.0+dfsg-1

2.5.1+dfsg-1

2.5.1+dfsg-3

2.5.1+dfsg-4

2.6.0~rc9+dfsg-1~exp1

2.6.0+dfsg-1~exp1

2.6.0+dfsg-1

2.6.0+dfsg-2

2.6.0+dfsg-3

2.6.0+dfsg-4

2.6.0+dfsg-5

2.6.0+dfsg-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/divigroup-rap/pytorch

Affected ranges

Type: GIT
Repo: https://github.com/divigroup-rap/pytorch
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5827d2061dcb4acd05ac5f8e65d8693a481ba0f5

Affected versions

Other

bc2caa7fdf006894eff7af936babde69ab5a40f8-huydhn-debug

ciflow/inductor/3b9a386

ciflow/inductor/3d4b92b

ciflow/inductor/d224ac7

ciflow/periodic/054a2fd

ciflow/periodic/2a6d37d

ciflow/periodic/317eeb8

ciflow/periodic/3c32

ciflow/periodic/3e98831

ciflow/periodic/94512-point

ciflow/periodic/csl/test87519

ciflow/periodic/csltest88275

ciflow/periodic/csltest88761

ciflow/periodic/ed0dea3e24a2ba4d01043c4cfd27e90655692adc

ciflow/periodic/sha-ec5b83

ciflow/slow/01c7106

ciflow/slow/0577043

ciflow/slow/0d5b74da0cab798fbfdb9caa53fad816999c8386-sdym

ciflow/slow/0e81104

ciflow/slow/1732077

ciflow/slow/187eb7c

ciflow/slow/1faef89

ciflow/slow/3920ec1

ciflow/slow/3b7c6b2

ciflow/slow/59a3759

ciflow/slow/70ef0bb

ciflow/slow/788ff06

ciflow/slow/8751002215790a3a88750faa8f4366933e296693-sdym

ciflow/slow/9d85864

ciflow/slow/9ffad5b

ciflow/slow/a206e8b

ciflow/slow/a837609

ciflow/slow/af841f3

ciflow/slow/da3aba1e46157c4df504b067477cdf2b3c96b194-sdym

ciflow/unstable/123

cslpull75

cslpull76

cslpull77

cslpull78

cslpull79

cslpull80

cslpull81

cslpull82

cslpull83

cslpull84

cslpull85

cslpull86

cslpull87

cslpull88

cslpull89

cslpull90

cslpull91

cslpull92

forpull1

malfet/tag-2ef5611

malfet/tag-317b1a0

malfet/tag-ec6f767

nightly-binary

v0.*

v0.1.1

v0.1.10

v0.1.11

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v1.*

v1.0.0a0

v1.0rc0

v1.0rc1

v1.1.0a0

v1.2.0a0

v1.3.0a0

v1.4.0a0

v1.8.0-rc1