一、漏洞信息

漏洞编号：[CVE-2024-7804](https://nvd.nist.gov/vuln/detail/CVE-2024-7804)

漏洞归属组件：[pytorch](https://gitee.com/src-openeuler/pytorch)

漏洞归属的版本：1.11.0,1.6.0,2.0.1,2.1.2

CVSS V3.0分值：

BaseScore：9.8 Critical

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

漏洞简述：

A deserialization vulnerability exists in the Pytorch RPC framework (torch.distributed.rpc) in pytorch/pytorch versions <=2.3.1. The vulnerability arises from the lack of security verification during the deserialization process of PythonUDF objects in pytorch/torch/distributed/rpc/internal.py. This flaw allows an attacker to execute arbitrary code remotely by sending a malicious serialized PythonUDF object, leading to remote code execution (RCE) on the master node.

漏洞公开时间：2025-03-20 18:15:37

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-7804

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.huntr.dev | https://huntr.com/bounties/0e870eeb-f924-4054-8fac-d926b1fb7259 | |

| huntr | | https://huntr.com/bounties/0e870eeb-f924-4054-8fac-d926b1fb7259 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(2.1.2):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3(1.6.0):

4.openEuler-22.03-LTS-SP4(1.6.0):

5.openEuler-24.03-LTS(2.1.2):

6.openEuler-24.03-LTS-Next(2.1.2):

7.openEuler-24.03-LTS-SP1(2.1.2):

修复是否涉及abi变化(是/否)：

1.master(2.1.2):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3(1.6.0):

4.openEuler-22.03-LTS-SP4(1.6.0):

5.openEuler-24.03-LTS(2.1.2):

6.openEuler-24.03-LTS-Next(2.1.2):

7.openEuler-24.03-LTS-SP1(2.1.2):

原因说明：

1.master(2.1.2):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3(1.6.0):

4.openEuler-22.03-LTS-SP4(1.6.0):

5.openEuler-24.03-LTS(2.1.2):

6.openEuler-24.03-LTS-Next(2.1.2):

7.openEuler-24.03-LTS-SP1(2.1.2):

一、漏洞信息

漏洞编号：[CVE-2024-7804](https://nvd.nist.gov/vuln/detail/CVE-2024-7804)

漏洞归属组件：[pytorch](https://gitee.com/src-openeuler/pytorch)

漏洞归属的版本：1.11.0,1.6.0,2.0.1,2.1.2

CVSS V3.0分值：

BaseScore：9.8 Critical

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

漏洞简述：

A deserialization vulnerability exists in the Pytorch RPC framework (torch.distributed.rpc) in pytorch/pytorch versions <=2.3.1. The vulnerability arises from the lack of security verification during the deserialization process of PythonUDF objects in pytorch/torch/distributed/rpc/internal.py. This flaw allows an attacker to execute arbitrary code remotely by sending a malicious serialized PythonUDF object, leading to remote code execution (RCE) on the master node.

漏洞公开时间：2025-03-20 18:15:37

漏洞创建时间：2025-03-20 19:51:03

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-7804

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.huntr.dev | https://huntr.com/bounties/0e870eeb-f924-4054-8fac-d926b1fb7259 | |

一、漏洞信息

漏洞编号：[CVE-2024-7804](https://nvd.nist.gov/vuln/detail/CVE-2024-7804)

漏洞归属组件：[pytorch](https://gitee.com/src-openeuler/pytorch)

漏洞归属的版本：1.11.0,1.6.0,2.0.1,2.1.2

CVSS V3.0分值：

BaseScore：9.8 Critical

Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

漏洞简述：

漏洞公开时间：2025-03-20 18:15:37

漏洞创建时间：2025-03-20 19:51:03

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-7804

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| security.huntr.dev | https://huntr.com/bounties/0e870eeb-f924-4054-8fac-d926b1fb7259 | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-7804 |

| huntr | | https://huntr.com/bounties/0e870eeb-f924-4054-8fac-d926b1fb7259 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(2.1.2):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3(1.6.0):

4.openEuler-22.03-LTS-SP4(1.6.0):

修复是否涉及abi变化(是/否)：

1.master(2.1.2):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3(1.6.0):

4.openEuler-22.03-LTS-SP4(1.6.0):

原因说明：

1.master(2.1.2):

2.openEuler-20.03-LTS-SP4:

3.openEuler-22.03-LTS-SP3(1.6.0):

4.openEuler-22.03-LTS-SP4(1.6.0):