一、漏洞信息
漏洞编号：CVE-2025-2953
漏洞归属组件：pytorch
漏洞归属的版本：1.11.0,1.6.0,2.0.1,2.1.2
CVSS V3.0分值：
BaseScore：5.5 Medium
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞简述：
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.
漏洞公开时间：2025-03-31 00:15:14
漏洞创建时间：2025-03-31 18:20:58
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2025-2953

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

二、漏洞分析结构反馈
影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：
1.master(2.1.2):
2.openEuler-20.03-LTS-SP4:
3.openEuler-22.03-LTS-SP3(1.6.0):
4.openEuler-22.03-LTS-SP4(1.6.0):
5.openEuler-24.03-LTS(2.1.2):
6.openEuler-24.03-LTS-Next(2.1.2):
7.openEuler-24.03-LTS-SP1(2.1.2):

修复是否涉及abi变化(是/否)：
1.master(2.1.2):
2.openEuler-20.03-LTS-SP4:
3.openEuler-22.03-LTS-SP3(1.6.0):
4.openEuler-22.03-LTS-SP4(1.6.0):
5.openEuler-24.03-LTS(2.1.2):
6.openEuler-24.03-LTS-Next(2.1.2):
7.openEuler-24.03-LTS-SP1(2.1.2):

原因说明：
1.master(2.1.2):
2.openEuler-20.03-LTS-SP4:
3.openEuler-22.03-LTS-SP3(1.6.0):
4.openEuler-22.03-LTS-SP4(1.6.0):
5.openEuler-24.03-LTS(2.1.2):
6.openEuler-24.03-LTS-Next(2.1.2):
7.openEuler-24.03-LTS-SP1(2.1.2):