### Critical Vulnerability Information

#### Vulnerability IDs

- CVE-2022-46184
- CVE-2022-46185
- CVE-2022-46186
- CVE-2022-46187
- CVE-2022-46188
- CVE-2022-46189
- CVE-2022-46190

#### Affected Products and Versions

- **PyTorch**
  - Affected Versions: v2.0.0
  - Fixed Version: v2.7.0

#### Vulnerability Types

- Incorrect Computation
- Buffer Overflow
- Remote Code Execution
- Silent Incorrectness

#### Vulnerability Description

1. **CVE-2022-46184**: `torch.nn.ParallelAdaptive` produces incorrect output, potentially leading to dangerous decisions.
2. **CVE-2022-46185**: Buffer overflow occurs when compiling PyTorch models using `torch.compile`.
3. **CVE-2022-46186**: The `torch.nn.FractionalMaxPool2d` component allows remote attackers to execute arbitrary code.
4. **CVE-2022-46187**: `torch.biwaxm_right_shift` produces incorrect output.
5. **CVE-2022-46188**: `torch.nn.DropoutNd` and `torch.nn.Dropout2d` allow remote attackers to execute arbitrary code.
6. **CVE-2022-46189**: `torch.nn.Dropout2d` produces incorrect output.
7. **CVE-2022-46190**: `torch.nn.DropoutNd` produces incorrect output.

#### Attack Vector

- Vulnerabilities are triggered when a user requests compilation of a PyTorch model.

#### Reference Links

- [GitHub Issues](https://github.com/pytorch/pytorch/issues)
- [GitHub Pull Requests](https://github.com/pytorch/pytorch/pulls)

#### Mitigation

- Upgrade to version v2.7.0 to fix these vulnerabilities.