AVID-2026-R1493

Description

Vulnerability CVE-2024-36736

Details

An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed.

Reason for inclusion in AVID: CVE-2024-36736 concerns a vulnerability in OneFlow’s oneflow.permute component, causing incorrect calculations when the same dimension operation is performed. OneFlow is an ML framework used in AI model training and deployment pipelines, making this a relevant AI software dependency. As a CVE with a stated security impact and an NVD entry, it qualifies as a software security vulnerability within the AI supply chain. The report provides identifiable evidence (CVE and references) to support classification.

References

• NVD entry
• https://gist.github.com/Redmept1on/6de04fb6c7af6956973fe2765c4d4576

Affected or Relevant Artifacts

• Developer: n/a
• Deployer: n/a
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2024-06-06
• Version: 0.3.3
• AVID Entry