CRITICAL🇵🇱 Wersja polska

CVE-2025-54952

CVSS 9.8v3.1pub. 2025-08-08upd. 2026-04-15

An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b.

🤖 AI Analysis
How it works

During ExecuTorch model loading, an integer overflow occurs, resulting in a smaller memory area being allocated than expected. The undersized buffer can subsequently be overwritten with data from outside the reserved region, which opens the possibility of arbitrary code execution or triggering other undesirable effects.

Impact

An attacker can trigger arbitrary code execution (RCE) in the context of an application processing an ExecuTorch model or cause other unpredictable effects resulting from memory corruption.

Mitigation & patch

ExecuTorch should be updated to a version containing commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b or newer. The patch is available in the pytorch/executorch GitHub repository under the specified commit hash.

Who is affected

ExecuTorch library in all versions prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b in the pytorch/executorch repository.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References