AVID-2026-R1467
Description
Vulnerability CVE-2024-31583
Details
PyTorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
Reason for inclusion in AVID: CVE-2024-31583 describes a use-after-free vulnerability in PyTorch’s JIT mobile interpreter (torch/csrc/jit/mobile/interpreter.cpp). PyTorch is a core AI framework widely used to build and deploy AI systems, so this is a software vulnerability in a component used in general-purpose AI pipelines. The report is backed by a formal CVE with an NVD entry and multiple references (the fixing GitHub commit and a link to the affected file), which is sufficient evidence of a security issue in AI software. It is also a software supply-chain concern, since the vulnerability resides in a dependency/framework used to train, package, and deploy AI models.
References
- NVD entry
- https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
- https://github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/interpreter.cpp#L132
- https://gist.github.com/1047524396/43e19a41f2b36503a4a228c32cdbc176
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-04-17
- Version: 0.3.3
- AVID Entry