Security Bulletin: NVIDIA Apex - March 2026

NVIDIA has released an update for NVIDIA® Apex to address a security issue. To protect your system, clone or update NVIDIA Apex to include commit db8e053 or later from NVIDIA Apex. Ensure that your environment uses PyTorch 2.6 or later from PyTorch. Go to NVIDIA Product Security. Details The...

PYSEC-2026-139

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...

GHSA-MRW7-HF4F-83PF vLLM deserialization vulnerability leading to DoS and potential RCE

Summary A memory corruption vulnerability that leading to a crash denial-of-service and potentially remote code execution RCE exists in vLLM versions 0.10.2 and later, in the Completions API endpoint. When processing user-supplied prompt embeddings, the endpoint loads serialized tensors using...

BIT-PYTORCH-2025-55554

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nantonum-.long...

BIT-PYTORCH-2025-46152

In PyTorch before 2.7.0, bitwiserightshift produces incorrect output for certain out-of-bounds values of the "other" argument...

Linux Distros Unpatched Vulnerability : CVE-2025-46150

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results. CVE-2025-46150 Note that Nessus relies on the presence of the...

Linux Distros Unpatched Vulnerability : CVE-2025-55554

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nantonum-.long. CVE-2025-55554 Note that Nessus relies on the presence of th...

PYSEC-2025-207

A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service DoS...

DEBIAN-CVE-2025-55552

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randnlike are used together...

AZL-68117 CVE-2025-55551 affecting package pytorch 2.0.0-14

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service DoS when performing a slice operation...

aait (>=0.0.4.80 <=1.0.5), accusleepy (>=0.1.0 <=0.7.1) +329 more potentially affected by CVE-2025-46149 via torch (=2.6.0)

torch PYPI version =2.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on torch and may be impacted: - aait =0.0.4.80, =0.1.0, =1.0.0.3, =0.1.0, =0.8.4, =0.1.47, =3.1.8, =0.1.3, =2.0.3, =0.3.8.2, =0.2.2, =0.2.4 - archgw =0.3.17 and more Source cves:...

DEBIAN-CVE-2025-46153

PyTorch before 3.7.0 has a bernoullip decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallbackrandom=True...

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion via the nn.Fold function when used with inductor. An attacker can cause the application to terminate unexpectedly by triggering a buffer overflow error. Remediation Upgrade pytorch/pytorch to version 2.7.0-rc1 or...

CVE-2025-46153

PyTorch before 3.7.0 has a bernoullip decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallbackrandom=True...

CVE-2025-55558

CVE-2025-55558 is a buffer overflow in PyTorch 2.7.0 during compilation with Inductor for a model containing Conv2d, hardshrink, and tensor.view-torch.mv(), leading to a Denial of Service (DoS). The IBM watsonx Code Assistant On Prem bulletin documents this CVE as part of multiple vulnerabilities...

CVE-2025-55558

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv and is compiled by Inductor, leading to a Denial of Service DoS...

CVE-2025-55552

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randnlike are used together...

CVE-2025-55551

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service DoS when performing a slice operation...

CVE-2025-55553

CVE-2025-55553 is described across sources as a DoS vulnerability in PyTorch v2.7.0 caused by a syntax error in the proxy_tensor.py component. The linked documents (NVD/NIST entry and IBM watsonx bulletin listing this CVE among PyTorch-related issues) confirm the affected product and the basic fl...

CBL Mariner 2.0 Security Update: pytorch (CVE-2025-32434)

The version of pytorch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32434 advisory. - PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural...