CVE-2024-31580 Overview
A heap buffer overflow vulnerability was discovered in PyTorch before version v2.2.0 within the /runtime/vararg_functions.cpp component. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input that triggers an out-of-bounds read operation in the heap memory.
Critical Impact
Attackers can exploit this heap buffer overflow to crash PyTorch applications, potentially disrupting machine learning pipelines, AI inference services, and research environments that depend on PyTorch.
Affected Products
- Linux Foundation PyTorch versions prior to v2.2.0
- PyTorch Python packages (cpe:2.3:a:linuxfoundation:pytorch:*:*:*:*:*:python:*:*)
- Applications and services utilizing vulnerable PyTorch runtime components
Discovery Timeline
- 2024-04-17 - CVE-2024-31580 published to NVD
- 2025-06-10 - Last updated in NVD database
Technical Details for CVE-2024-31580
Vulnerability Analysis
This vulnerability is classified as CWE-122 (Heap-based Buffer Overflow). The flaw exists in PyTorch's JIT (Just-In-Time) runtime, specifically within the tupleConstruct function in vararg_functions.cpp. The vulnerability was identified through fuzzing efforts targeting the torch JIT lite interpreter, which revealed a read-heap-buffer-overflow condition.
The root cause stems from insufficient bounds checking when constructing tuples from the stack. When the tupleConstruct function is called with a num_inputs parameter that exceeds the actual stack size, the function attempts to read beyond the allocated heap buffer, resulting in an out-of-bounds memory access.
Root Cause
The tupleConstruct function in /runtime/vararg_functions.cpp did not validate that the requested number of inputs (num_inputs) was within the bounds of the available stack size before attempting to read from the stack. This missing validation allowed attackers to supply a crafted input that specified more inputs than were actually present, causing the function to read past the end of the heap-allocated stack buffer.
Attack Vector
The attack requires local access to execute. An attacker can craft malicious input that specifies an invalid number of inputs to the tuple construction operation. When the PyTorch JIT runtime processes this input, it attempts to read from memory locations outside the allocated buffer boundaries, triggering the heap buffer overflow and causing application termination.
}
void tupleConstruct(Stack& stack, size_t num_inputs) {
+ if (num_inputs > stack.size()) {
+ TORCH_CHECK(false, "Invalid number of inputs: ", num_inputs);
+ }
switch (num_inputs) {
case 0:
stack.emplace_back(c10::ivalue::Tuple::create());
Source: GitHub PyTorch Commit
The patch adds explicit bounds checking to validate that num_inputs does not exceed stack.size() before proceeding with the tuple construction operation.
Detection Methods for CVE-2024-31580
Indicators of Compromise
- Unexpected crashes or segmentation faults in PyTorch-based applications
- Application logs showing heap-related memory errors or buffer overflows
- Abnormal termination of machine learning inference services without clear cause
- Core dumps indicating memory access violations in vararg_functions.cpp
Detection Strategies
- Monitor application stability for PyTorch-dependent services experiencing unexpected crashes
- Implement memory sanitizer tools (AddressSanitizer, Valgrind) in development and staging environments to detect heap overflow conditions
- Review application logs for TORCH_CHECK failures or memory access exceptions
- Deploy runtime application self-protection (RASP) solutions that can detect memory corruption attempts
Monitoring Recommendations
- Enable heap buffer overflow detection through compiler instrumentation (-fsanitize=address) during testing
- Set up alerting for repeated PyTorch application crashes in production environments
- Monitor system stability metrics for services running vulnerable PyTorch versions
- Implement application health checks that can detect denial of service conditions
How to Mitigate CVE-2024-31580
Immediate Actions Required
- Upgrade PyTorch to version v2.2.0 or later immediately
- Audit all systems and containers running PyTorch to identify vulnerable versions
- Review deployment pipelines to ensure patched versions are being deployed
- Implement input validation for any external data processed by PyTorch applications
Patch Information
The Linux Foundation has addressed this vulnerability in PyTorch v2.2.0. The fix adds explicit bounds checking to validate the number of inputs before tuple construction operations. The security patch is available through the official PyTorch commit.
Organizations should update their PyTorch installations using standard package management:
Workarounds
- Restrict local access to systems running PyTorch applications to trusted users only
- Implement input sanitization and validation for any externally-sourced data processed by PyTorch
- Deploy containerized PyTorch applications with restricted memory access permissions
- Consider running PyTorch workloads in sandboxed environments to limit the impact of potential crashes
# Upgrade PyTorch to patched version
pip install --upgrade torch>=2.2.0
# Verify installed version
python -c "import torch; print(torch.__version__)"
# For conda environments
conda update pytorch -c pytorch
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
