53 matches found
PYSEC-2026-984 `FractionalMaxPoolGrad` Heap out of bounds read
Impact If FractionMaxPoolGrad is given outsize inputs rowpoolingsequence and colpoolingsequence, TensorFlow will crash. python import tensorflow as tf tf.rawops.FractionMaxPoolGrad originput = 1, 1, 1, 1, 1, origoutput = 1, 1, 1, outbackprop = 3, 3, 6, rowpoolingsequence = -0x4000000, 1, 1,...
PYSEC-2026-1049 FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess
Impact An input poolingratio that is smaller than 1 will trigger a heap OOB in tf.rawops.FractionalMaxPool and tf.rawops.FractionalAvgPool. Patches We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cher...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch [CVE-2025-2953]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch, due to an issue found in PyTorch 2.6.0+cu124 that affects the function torch.mkldnnmaxpool2d CVE-2025-2953. PyTorch is used in our service runtimes. This vulnerabilitiy has been...
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.
...
DEBIAN-CVE-2025-46150
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results...
Use of Out-of-range Pointer Offset
Overview torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration Affected versions of this package are vulnerable to Use of Out-of-range Pointer Offset via the fractionalmaxpool function in torch.nn.FractionalMaxPool2d component when used with torch.compile. An...
Use of Out-of-range Pointer Offset
Overview Affected versions of this package are vulnerable to Use of Out-of-range Pointer Offset via the fractionalmaxpool function in torch.nn.FractionalMaxPool2d component when used with torch.compile. An attacker can cause inconsistent computational results by exploiting this behavior,...
PT-2025-39381
Name of the Vulnerable Software and Affected Versions PyTorch versions prior to 2.7.0 Description When torch.compile is used, the FractionalMaxPool2d function exhibits inconsistent results. This issue affects the accuracy of computations involving this specific function within the PyTorch...
CVE-2025-46150
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results...
CVE-2025-46150
CVE-2025-46150 is referenced in connected IBM bulletin as affecting PyTorch: prior to 2.7.0, using torch.compile can cause FractionalMaxPool2d to produce inconsistent results. The IBM document lists the CVE entry and its description but provides no technical details on root cause, vulnerable vers...
CVE-2025-46150
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results...
CVE-2025-46150
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results...
AZL-60931 CVE-2025-2953 affecting package pytorch for versions less than 2.0.0-9
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnnmaxpool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be...
UBUNTU-CVE-2025-2953
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnnmaxpool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be...
PyTorch 安全漏洞
PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a denial of service vulnerability caused by a floating point exception in the function torch.mkldnnmaxpool2d. An attacker can exploit this vulnerability to cause a denial of service...
TensorFlow has double free in Fractional(Max/Avg)Pool
...
GHSA-F49C-87JH-G47Q TensorFlow has double free in Fractional(Max/Avg)Pool
Impact nnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 require the first and fourth elements of their parameter poolingratio to be equal to 1.0, as pooling on batch and channel dimensions is not supported. python import tensorflow as tf import os import numpy as np from...
SUSE CVE-2021-29573
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax is vulnerable to a division by 0. The...
SUSE CVE-2021-29580
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...
SUSE CVE-2022-21739
Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...