CVE-2025-3136
Description
A vulnerability classified as problematic has been found in PyTorch 2.6.0. It affects the function torch.cuda.memory.caching_allocator_delete in the file c10/cuda/CUDACachingAllocator.cpp. Manipulation leads to memory corruption. The attack must be carried out locally. The exploit has been publicly disclosed and may be used.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | forky | affected | |
| debian | sid | affected | |
| debian | trixie | affected | |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | torch | <=2.6.0-NA | |
References
- https://vuldb.com/?id.303041
- https://github.com/ARPANET-cybersecurity/vuldb/issues/2
- https://github.com/pytorch/pytorch/issues/149821
- https://github.com/pytorch/pytorch/issues/149821#issue-2940838975
- https://github.com/pytorch/pytorch/issues/149821#issuecomment-2765311086
- https://vuldb.com/?ctiid.303041
- https://vuldb.com/?submit.525252
- https://security-tracker.debian.org/tracker/CVE-2025-3136