[AutoPR- Security] Patch pytorch for CVE-2025-55560, CVE-2025-46152 [MEDIUM] (#14762)

Co-authored-by: akhila-guruju <v-guakhila@microsoft.com>
Co-authored-by: Archana Shettigar <v-shettigara@microsoft.com>

Author: 3 people

SPECS/pytorch/CVE-2025-46152.patch

@@ -0,0 +1,92 @@
+From f95e54328b15315c3563792fccae7193439d1312 Mon Sep 17 00:00:00 2001
+From: AllSpark <allspark@microsoft.com>
+Date: Mon, 29 Sep 2025 19:34:39 +0000
+Subject: [PATCH] inductor: guard bitwise shifts with max_shift and add tests
+ for corner inputs; fixes ghissues 143555 and 143566
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: AI Backport of https://patch-diff.githubusercontent.com/raw/pytorch/pytorch/pull/143635.patch
+---
+ test/inductor/test_cpu_repro.py | 17 ++++++++++++++++++
+ torch/_inductor/codegen/cpp.py  | 34 ++++++++++++++++++--
+ 2 files changed, 49 insertions(+), 2 deletions(-)
+
+diff --git a/test/inductor/test_cpu_repro.py b/test/inductor/test_cpu_repro.py
+index 925c0f62..9ed4b79d 100644
+--- a/test/inductor/test_cpu_repro.py
++++ b/test/inductor/test_cpu_repro.py
+@@ -2315,6 +2315,23 @@ class CPUReproTests(TestCase):
+         self.common(fn2, (x,))
+         assert metrics.generated_cpp_vec_kernel_count == 1
+ 
++    def test_bitwise_shift_corner_inputs(self):
++        # Fix https://github.com/pytorch/pytorch/issues/143555
++        # and https://github.com/pytorch/pytorch/issues/143566
++        bitwise_fns = (
++            torch.bitwise_left_shift,
++            torch.bitwise_right_shift,
++        )
++        for bitwise_fn in bitwise_fns:
++            torch._dynamo.reset()
++            metrics.reset()
++            x = torch.tensor(1000, dtype=torch.int64)
++            bit_num = torch.tensor(64, dtype=torch.int64)
++            res_aten_eager = bitwise_fn(x, bit_num)
++            cfn = torch.compile(bitwise_fn)
++            res = cfn(x, bit_num)
++            self.assertEqual(res_aten_eager, res)
++
+     def test_transpose_vertical_sum_cpu_only(self):
+         def fn(a, b):
+             c = a * b
+diff --git a/torch/_inductor/codegen/cpp.py b/torch/_inductor/codegen/cpp.py
+index b94ede02..af5ed42a 100644
+--- a/torch/_inductor/codegen/cpp.py
++++ b/torch/_inductor/codegen/cpp.py
+@@ -801,11 +801,41 @@ class CppOverrides(OpOverrides):
+ 
+     @staticmethod
+     def bitwise_left_shift(a, b):
+-        return f"decltype({a})({a} << {b})"
++        code = BracesBuffer()
++        code.writeline("[&]()")
++        with code.indent():
++            scalar_t = DTYPE_TO_CPP[a.dtype]
++            code.writeline(
++                f"constexpr decltype({b}) max_shift = sizeof({scalar_t}) * CHAR_BIT;"
++            )
++            code.writeline(
++                f"if ((static_cast<std::make_signed_t<{scalar_t}>>({b}) < 0) || ({b} >= max_shift))"
++            )
++            with code.indent():
++                code.writeline(f"return decltype({a})(0);")
++            code.writeline(
++                f"return decltype({a})(static_cast<std::make_unsigned_t<{scalar_t}>>({a}) << {b});"
++            )
++        code.writeline("()")
++        return code
+ 
+     @staticmethod
+     def bitwise_right_shift(a, b):
+-        return f"decltype({a})({a} >> {b})"
++        code = BracesBuffer()
++        code.writeline("[&]()")
++        with code.indent():
++            scalar_t = DTYPE_TO_CPP[a.dtype]
++            code.writeline(
++                f"constexpr decltype({b}) max_shift = sizeof({scalar_t}) * CHAR_BIT - std::is_signed_v<{scalar_t}>;"
++            )
++            code.writeline(
++                f"if ((static_cast<std::make_signed_t<{scalar_t}>>({b}) < 0) || ({b} >= max_shift))"
++            )
++            with code.indent():
++                code.writeline(f"return decltype({a})({a} >> max_shift);")
++            code.writeline(f"return decltype({a})({a} >> {b});")
++        code.writeline("()")
++        return code
+ 
+     @staticmethod
+     def rand(seed: sympy.Expr, offset: sympy.Expr):
+-- 
+2.45.4
+

SPECS/pytorch/CVE-2025-55560.patch

@@ -0,0 +1,76 @@
+From 225742838bcbf4656a90010257062188f7fcae82 Mon Sep 17 00:00:00 2001
+From: Zhiyi Zhang <violin1781@gmail.com>
+Date: Sat, 26 Apr 2025 21:02:29 +0000
+Subject: [PATCH] Add an additional check to trigger graph break for sparse
+ tensor (#151897)
+
+Fixes #151522
+
+This PR fixes the issue that Dynamo fails to trigger a graph break for sparse tensors in certain code paths. I added an additional check to handle this case, and it resolves the original problem.
+
+Pull Request resolved: https://github.com/pytorch/pytorch/pull/151897
+Approved by: https://github.com/jansel
+
+Modified to apply to Azure Linux
+Upstream Patch Reference: https://github.com/pytorch/pytorch/commit/225742838bcbf4656a90010257062188f7fcae82.patch
+---
+ test/dynamo/test_compile.py        | 13 +++++++++++++
+ torch/_dynamo/variables/builtin.py | 11 +++++++++++
+ 2 files changed, 24 insertions(+)
+
+diff --git a/test/dynamo/test_compile.py b/test/dynamo/test_compile.py
+index 5b2de2b7..a38c1d3e 100644
+--- a/test/dynamo/test_compile.py
++++ b/test/dynamo/test_compile.py
+@@ -71,6 +71,19 @@ class InPlaceCompilationTests(unittest.TestCase):
+             loaded_model = torch.jit.load(os.path.join(tmpdirname, "model.pt"))
+             loaded_model(torch.randn(1, 10))
+ 
++    def test_to_sparse_to_dense_with_graph_break(self):
++        def fn(x):
++            x = x.to_sparse()
++            x = x.to_dense()
++            return x
++
++        x = torch.tensor([[1.0]])
++        c_fn = torch.compile(fn)
++
++        output = fn(x)
++        c_output = c_fn(x)
++        self.assertEqual(output, c_output)
++
+ 
+ # The private variants of the below functions are extensively tested
+ # So as long as the signatures match we're good
+diff --git a/torch/_dynamo/variables/builtin.py b/torch/_dynamo/variables/builtin.py
+index 2a2e9893..beababef 100644
+--- a/torch/_dynamo/variables/builtin.py
++++ b/torch/_dynamo/variables/builtin.py
+@@ -11,6 +11,7 @@ from typing import Dict, List
+ 
+ import torch
+ from torch import sym_float, sym_int
++from torch._subclasses.meta_utils import is_sparse_any
+ 
+ from .. import config, polyfill, variables
+ from ..exc import (
+@@ -1226,6 +1227,16 @@ class BuiltinVariable(VariableTracker):
+                 variables.UserDefinedObjectVariable,
+             ),
+         ):
++
++            if isinstance(obj, TensorVariable):
++                fake_val = obj.proxy.node.meta["example_value"]
++                if (
++                    isinstance(fake_val, torch.Tensor)
++                    and is_sparse_any(fake_val)
++                    and (not tx.export or not config.capture_sparse_compute)
++                ):
++                    unimplemented("torch.compile does not support sparse Tensors")
++
+             try:
+                 return obj.var_getattr(tx, name).clone(source=source)
+             except NotImplementedError:
+-- 
+2.43.0
+

SPECS/pytorch/pytorch.spec

@@ -2,7 +2,7 @@
 Summary:        Tensors and Dynamic neural networks in Python with strong GPU acceleration.
 Name:           pytorch
 Version:        2.2.2
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        BSD-3-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -32,6 +32,8 @@ Patch7:         CVE-2021-22569.patch
 Patch8:         CVE-2025-32434.patch
 Patch9:         CVE-2025-3730.patch
 Patch10:        CVE-2025-2953.patch
+Patch11:        CVE-2025-55560.patch
+Patch12:        CVE-2025-46152.patch
 
 %description
 PyTorch is a Python package that provides two high-level features:
@@ -93,6 +95,9 @@ cp -arf docs %{buildroot}/%{_pkgdocdir}
 %{_docdir}/*
 
 %changelog
+* Wed Oct 01 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 2.2.2-8
+- Patch for CVE-2025-55560 & CVE-2025-46152
+
 * Tue Apr 29 2025 Archana Shettigar <v-shettigara@microsoft.com> - 2.2.2-7
 - Patch CVE-2025-2953