[MEDIUM] Patch pytorch for CVE-2025-2953 (#13641)

archana25-ms · web-flow · commit 2a6d8d2ef8ef · 2025-05-13T20:59:54.000+05:30
diff --git a/SPECS/pytorch/CVE-2025-2953.patch b/SPECS/pytorch/CVE-2025-2953.patch
@@ -0,0 +1,44 @@
+From 9f61c215128adce56200d0bf30992e791725e4ad Mon Sep 17 00:00:00 2001
+From: archana25-ms <v-shettigara@microsoft.com>
+Date: Tue, 6 May 2025 20:12:29 +0000
+Subject: [PATCH] Patch pytorch for CVE-2025-2953
+Upstream Patch Reference: https://github.com/pytorch/pytorch/commit/6f327128a99debfb2312ee256523ad6b62f763d6
+
+---
+ aten/src/ATen/native/mkldnn/Utils.cpp | 1 +
+ test/test_mkldnn.py                   | 7 +++++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/aten/src/ATen/native/mkldnn/Utils.cpp b/aten/src/ATen/native/mkldnn/Utils.cpp
+index 400eb916..e240a2d2 100644
+--- a/aten/src/ATen/native/mkldnn/Utils.cpp
++++ b/aten/src/ATen/native/mkldnn/Utils.cpp
+@@ -19,6 +19,7 @@ std::vector<int64_t> pool_output_sizes(
+   output_size[1] = input_size[1];
+ 
+   for (const auto i : c10::irange(2, input_size.size())) {
++    TORCH_CHECK_VALUE(stride[i -2] > 0, "Strides must be positive!");
+     output_size[i] = pooling_output_shape_pad_lr<int64_t>(
+       input_size[i],
+       kernel_size[i - 2],
+diff --git a/test/test_mkldnn.py b/test/test_mkldnn.py
+index 7c39d36e..cf599c70 100644
+--- a/test/test_mkldnn.py
++++ b/test/test_mkldnn.py
+@@ -1588,6 +1588,13 @@ class TestMkldnn(TestCase):
+                 common(self, shape1, shape2, op, dtype)
+ 
+ 
++    def test_mkldnn_error_on_zero_stride(self, device):
++        # Regression test for https://github.com/pytorch/pytorch/issues/149274
++        x = torch.rand(1, 2, 3, 3).to_mkldnn()
++        with self.assertRaises(ValueError):
++            torch.mkldnn_max_pool2d(x, kernel_size=3, stride=0)
++
++
+ instantiate_device_type_tests(TestMkldnn, globals(), only_for=('cpu',))
+ 
+ if __name__ == '__main__':
+-- 
+2.45.3
+
diff --git a/SPECS/pytorch/pytorch.spec b/SPECS/pytorch/pytorch.spec
@@ -2,7 +2,7 @@
 Summary:        Tensors and Dynamic neural networks in Python with strong GPU acceleration.
 Name:           pytorch
 Version:        2.2.2
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        BSD-3-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -31,6 +31,7 @@ Patch6:         CVE-2024-7776.patch
 Patch7:         CVE-2021-22569.patch
 Patch8:         CVE-2025-32434.patch
 Patch9:         CVE-2025-3730.patch
+Patch10:        CVE-2025-2953.patch
 
 %description
 PyTorch is a Python package that provides two high-level features:
@@ -92,6 +93,9 @@ cp -arf docs %{buildroot}/%{_pkgdocdir}
 %{_docdir}/*
 
 %changelog
+* Tue Apr 29 2025 Archana Shettigar <v-shettigara@microsoft.com> - 2.2.2-7
+- Patch CVE-2025-2953
+
 * Wed Apr 23 2025 Kanishk Bansal <kanbansal@microsoft.com> - 2.2.2-6
 - Patch CVE-2025-32434, CVE-2025-3730
 
