In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
The vulnerability results from unsafe deserialization of data (CWE-502) in the RemoteModule component, which is part of PyTorch's distributed computing framework. An attacker can supply crafted, malicious data to the deserialization process, which consequently leads to arbitrary code execution on the server. This mechanism is available over the network without requiring authentication or user interaction.
An attacker can gain full control over the victim's system through remote code execution (RCE), which threatens the confidentiality, integrity, and availability of the system.
Patches available from the vendor should be applied according to the references. The vendor indicates in its security policy that PyTorch distributed functions are intended solely for use in trusted network environments — distributed computing interfaces should not be exposed to untrusted networks. It is recommended to review the PyTorch security documentation regarding distributed functions.
PyTorch (Linuxfoundation) in versions up to and including 2.4.1, that utilize distributed computing features (RemoteModule / Distributed RPC Framework).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLinuxfoundation Pytorch
APPLinuxfoundation≤ 2.4.1
Related vulnerabilities
RCE w PyTorch przy deserializacji modelu przez torch.load
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution becaus...
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTo...
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_l...
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS...