diff --git a/SPECS/pytorch/CVE-2025-3001.patch b/SPECS/pytorch/CVE-2025-3001.patch new file mode 100644 index 00000000000..b730898be10 --- /dev/null +++ b/SPECS/pytorch/CVE-2025-3001.patch @@ -0,0 +1,119 @@ +From 04aa4b2ed8c04f7ce141ea96a20cbc8ccfc1e7b6 Mon Sep 17 00:00:00 2001 +From: Yuxingwang-intel +Date: Fri, 19 Dec 2025 10:20:47 +0000 +Subject: [PATCH] Fix segmentation fault caused by invalid gate weight size in + lstm_cell (#168348) + +This PR adds parameter checks for LSTM weights to fix https://github.com/pytorch/pytorch/issues/149626 +Pull Request resolved: https://github.com/pytorch/pytorch/pull/168348 +Approved by: https://github.com/jiayisunx, https://github.com/mingfeima, https://github.com/albanD, https://github.com/cyyever + +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://github.com/pytorch/pytorch/commit/999d94b5ede5f4ec111ba7dd144129e2c2725b03.patch +--- + aten/src/ATen/native/RNN.cpp | 15 ++++++++++++++- + test/test_nn.py | 33 +++++++++++++++++++++++++++++++++ + 2 files changed, 47 insertions(+), 1 deletion(-) + +diff --git a/aten/src/ATen/native/RNN.cpp b/aten/src/ATen/native/RNN.cpp +index ef926b85..0a27a425 100644 +--- a/aten/src/ATen/native/RNN.cpp ++++ b/aten/src/ATen/native/RNN.cpp +@@ -677,6 +677,15 @@ void check_rnn_cell_forward_hidden(const Tensor& input, const Tensor& hx, c10::S + "hidden", hidden_label, " has inconsistent hidden_size: got ", hx.sym_size(1), ", expected ", hidden_size); + } + ++template ++inline void check_rnn_cell_forward_weights(const Tensor& w_ih, const Tensor& w_hh, const c10::SymInt& hidden_size){ ++ TORCH_CHECK(w_ih.size(0) == gate_count * hidden_size, "weight_ih first dim must be ", gate_count, " * hidden_size = ", ++ gate_count * hidden_size, ", but got ", w_ih.size(0)); ++ TORCH_CHECK(w_hh.size(0) == gate_count * hidden_size, "weight_hh first dim must be ", gate_count, " * hidden_size = ", ++ gate_count * hidden_size, ", but got ", w_hh.size(0)); ++} ++ ++ + template + struct Cell { + using hidden_type = hidden_type_tmpl; +@@ -1520,8 +1529,9 @@ std::tuple lstm_cell( + const Tensor& b_hh = c10::value_or_else(b_hh_opt, [] {return Tensor();}); + + TORCH_CHECK(hx.size() == 2, "lstm_cell expects two hidden states"); +- check_rnn_cell_forward_input(input, w_ih.sym_size(1)); + auto hidden_size = w_hh.sym_size(1); ++ check_rnn_cell_forward_input(input, w_ih.sym_size(1)); ++ check_rnn_cell_forward_weights<4>(w_ih, w_hh, hidden_size); + check_rnn_cell_forward_hidden(input, hx[0], hidden_size, 0); + check_rnn_cell_forward_hidden(input, hx[1], std::move(hidden_size), 0); + static at::Tensor undefined; +@@ -1635,6 +1645,7 @@ Tensor gru_cell( + + check_rnn_cell_forward_input(input, w_ih.size(1)); + check_rnn_cell_forward_hidden(input, hx, w_hh.size(1), 0); ++ check_rnn_cell_forward_weights<3>(w_ih, w_hh, w_hh.size(1)); + static at::Tensor undefined; + return GRUCell{}(input, hx, CellParams{w_ih, w_hh, b_ih, b_hh, undefined}); + } +@@ -1648,6 +1659,7 @@ Tensor rnn_tanh_cell( + const Tensor& b_hh = c10::value_or_else(b_hh_opt, [] {return Tensor();}); + + static at::Tensor undefined; ++ check_rnn_cell_forward_weights<1>(w_ih, w_hh, w_hh.size(1)); + check_rnn_cell_forward_input(input, w_ih.size(1)); + check_rnn_cell_forward_hidden(input, hx, w_hh.size(1), 0); + return SimpleCell{}(input, hx, CellParams{w_ih, w_hh, b_ih, b_hh, undefined}); +@@ -1662,6 +1674,7 @@ Tensor rnn_relu_cell( + const Tensor& b_hh = c10::value_or_else(b_hh_opt, [] {return Tensor();}); + + static at::Tensor undefined; ++ check_rnn_cell_forward_weights<1>(w_ih, w_hh, w_hh.size(1)); + check_rnn_cell_forward_input(input, w_ih.size(1)); + check_rnn_cell_forward_hidden(input, hx, w_hh.size(1), 0); + return SimpleCell{}(input, hx, CellParams{w_ih, w_hh, b_ih, b_hh, undefined}); +diff --git a/test/test_nn.py b/test/test_nn.py +index be5ca936..6dd18b15 100644 +--- a/test/test_nn.py ++++ b/test/test_nn.py +@@ -7018,6 +7018,39 @@ tensor(..., device='meta', size=(1,), requires_grad=True)""") + y = net(x) + + ++ def test_rnn_cell_gate_weights_size(self): ++ def test_rnn_cell(cell_fn, gate_count): ++ input_size = 8 ++ hidden_size = 16 ++ x = torch.randn(4, input_size) ++ hx = torch.randn(4, hidden_size) ++ cx = torch.randn(4, hidden_size) ++ ++ w_ih_invalid = torch.randn((gate_count * hidden_size) + 1, 8) ++ w_ih = torch.randn(gate_count * hidden_size, 8) ++ w_hh_invalid = torch.randn((gate_count * hidden_size) + 1, 16) ++ w_hh = torch.randn(gate_count * hidden_size, 16) ++ b_ih = torch.randn(gate_count * hidden_size) ++ b_hh = torch.randn(gate_count * hidden_size) ++ ++ if cell_fn is torch.lstm_cell: ++ state = (hx, cx) ++ else: ++ state = hx ++ ++ with self.assertRaisesRegex(RuntimeError, "weight_ih"): ++ cell_fn(x, state, w_ih_invalid, w_hh, b_ih, b_hh) ++ ++ with self.assertRaisesRegex(RuntimeError, "weight_hh"): ++ cell_fn(x, state, w_ih, w_hh_invalid, b_ih, b_hh) ++ for cell_fn, gate_count in [ ++ (torch.lstm_cell, 4), ++ (torch.gru_cell, 3), ++ (torch.rnn_relu_cell, 1), ++ (torch.rnn_tanh_cell, 1), ++ ]: ++ test_rnn_cell(cell_fn, gate_count) ++ + class TestFusionEval(TestCase): + @given(X=hu.tensor(shapes=((5, 3, 5, 5),)), + running_mean=hu.tensor(shapes=(6,)), +-- +2.45.4 + diff --git a/SPECS/pytorch/pytorch.spec b/SPECS/pytorch/pytorch.spec index 947d6c84117..665d1de5a5a 100644 --- a/SPECS/pytorch/pytorch.spec +++ b/SPECS/pytorch/pytorch.spec @@ -2,7 +2,7 @@ Summary: Tensors and Dynamic neural networks in Python with strong GPU acceleration. Name: pytorch Version: 2.0.0 -Release: 11%{?dist} +Release: 12%{?dist} License: BSD-3-Clause Vendor: Microsoft Corporation Distribution: Mariner @@ -22,6 +22,7 @@ Patch7: CVE-2025-3730.patch Patch8: CVE-2025-2953.patch Patch9: CVE-2025-55552.patch Patch10: CVE-2025-55560.patch +Patch11: CVE-2025-3001.patch BuildRequires: cmake BuildRequires: gcc @@ -94,6 +95,9 @@ cp -arf docs %{buildroot}/%{_pkgdocdir} %{_docdir}/* %changelog +* Thu Dec 25 2025 Azure Linux Security Servicing Account - 2.0.0-12 +- Patch for CVE-2025-3001 + * Fri Dec 05 2025 Azure Linux Security Servicing Account - 2.0.0-11 - Patch for CVE-2025-55560