Improper Resource Shutdown or Release in pytorch

CVE-2025-2953

pytorch
torch

Medium

4.8/10

Summary

A vulnerability, which was classified as problematic, has been found in PyTorch. Affected by this issue is the function "torch.mkldnn_max_pool2d". The manipulation leads to Denial of Service (DoS). An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The issue affects pytorch versions prior to v2.7.1-rc1.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-404 - Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use.

References

Advisory
Issue
Pull request

Advisory Timeline

Published Mar 30, 2025

Improper Resource Shutdown or Release in pytorch

CVE-2025-2953

Summary

CWE-404 - Improper Resource Shutdown or Release

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS