CVE-2024-31583
Description
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
PyTorch before v2.2.0 contains a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp, allowing potential memory corruption.
Vulnerability Overview
A use-after-free vulnerability exists in PyTorch versions prior to v2.2.0, specifically located in the file torch/csrc/jit/mobile/interpreter.cpp [1][2]. This flaw occurs when the interpreter improperly handles memory for certain operations in the mobile JIT execution path, leading to a dangling pointer that can be dereferenced after the associated memory has been freed [4]. The root cause is a missing reference count adjustment or insufficient lifetime management for an object used during instruction dispatch.
Attack Vector
An attacker can trigger this vulnerability by crafting a malicious PyTorch model file (e.g., .pt or .pth) that, when loaded and executed via the mobile interpreter, causes the use-after-free condition [2]. No authentication is required if the victim loads the attacker-supplied model; the attack surface includes any application using PyTorch's JIT mobile interpreter to run untrusted models. The vulnerability is reachable without special privileges, as the interpreter runs at the same user level as the consuming application.
Impact
The primary impact is denial of service (application crash) due to memory corruption [2]. Under specific conditions, an attacker may achieve arbitrary code execution by controlling the freed memory's content or layout, though this depends on heap state and mitigations like ASLR. The CVSS base score is 7.3 (High), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, indicating potential impacts to confidentiality, integrity, and availability [2].
Mitigation
The vulnerability was fixed in PyTorch version 2.2.0 [1][3]. Users are strongly advised to upgrade to v2.2.0 or later. No known workarounds exist; loading models from untrusted sources should be avoided until the update is applied. The flaw is not currently listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| torch (PyPI) | < 2.2.0 | 2.2.0 |
Affected products (3)
- Pytorch/Pytorch (from the CVE description)
- OSV coordinates (2 version ranges):
  - (no CPE) range: < 2.2.1
  - (no CPE) range: < 2.2.0
Patches (1)
- 9c7071b0e324 [fuzzing result][fuzz_torch_jit_lite_interpreter] read-heap-use-after-free (size 8) in std::_Function_base::_M_empty() (#110289)
1 file changed · +4 −1
torch/csrc/jit/mobile/interpreter.cpp+4 −1 modified@@ -128,7 +128,10 @@ bool InterpreterState::run(Stack& stack) { mobile_debug_info->setOpIdx(pc); } } - + if (inst.X < 0 || + static_cast<size_t>(inst.X) >= code.operators_.size()) { + throw JITException("Invalid OP Instruction"); + } RECORD_EDGE_SCOPE_WITH_DEBUG_HANDLE_AND_INPUTS( code.op_names_[inst.X].name, debug_handle, stack); code.operators_[inst.X](stack);
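Review bot: the new range check validates inst.X only against code.operators_.size(), yet the unchanged lines right after it also index code.op_names_[inst.X], so the guard is complete only if op_names_ and operators_ are guaranteed to have the same length; either compare inst.X against both sizes or assert that invariant where the Code object is built. The exception text "Invalid OP Instruction" would be more useful in crash triage if it carried the offending index and the operator count, e.g. "Invalid OP Instruction: X=... out of ... operators". Note for the advisory text as well: the commit title reports the fuzzer's heap-use-after-free finding in std::_Function_base::_M_empty(), but what the hunk actually fixes is an unchecked instruction operand used as a vector index, i.e. an out-of-bounds read of code.operators_ before the std::function is invoked; the narrative above attributes the root cause to missing reference counting, which these lines do not support.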
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (7)
- github.com/advisories/GHSA-pg7h-5qx3-wjr3 (source: ghsa; type: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-31583 (source: ghsa; type: ADVISORY)
- gist.github.com/1047524396/43e19a41f2b36503a4a228c32cdbc176 (source: ghsa; type: WEB)
- github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-251.yaml (source: ghsa; type: WEB)
- github.com/pytorch/pytorch/blob/v2.1.2/torch/csrc/jit/mobile/interpreter.cpp (source: ghsa; type: WEB)
- github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2 (source: ghsa; type: WEB)
- security.snyk.io/vuln/SNYK-PYTHON-TORCH-6619806 (source: ghsa; type: WEB)
News mentions (0)
No linked articles in our index yet.