[MEDIUM] Patch pytorch for CVE-2025-2953 (#13642)

archana25-ms · web-flow · commit d683e86cf6fc · 2025-05-20T20:31:47.000+05:30
diff --git a/SPECS/pytorch/CVE-2025-2953.patch b/SPECS/pytorch/CVE-2025-2953.patch
@@ -0,0 +1,44 @@
+From 9f61c215128adce56200d0bf30992e791725e4ad Mon Sep 17 00:00:00 2001
+From: archana25-ms <v-shettigara@microsoft.com>
+Date: Tue, 6 May 2025 20:12:29 +0000
+Subject: [PATCH] Patch pytorch for CVE-2025-2953
+Upstream Patch Reference: https://github.com/pytorch/pytorch/commit/6f327128a99debfb2312ee256523ad6b62f763d6
+
+---
+ aten/src/ATen/native/mkldnn/Utils.cpp | 1 +
+ test/test_mkldnn.py                   | 7 +++++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/aten/src/ATen/native/mkldnn/Utils.cpp b/aten/src/ATen/native/mkldnn/Utils.cpp
+index 400eb916..e240a2d2 100644
+--- a/aten/src/ATen/native/mkldnn/Utils.cpp
++++ b/aten/src/ATen/native/mkldnn/Utils.cpp
+@@ -19,6 +19,7 @@ std::vector<int64_t> pool_output_sizes(
+   output_size[1] = input_size[1];
+ 
+   for (const auto i : c10::irange(2, input_size.size())) {
++    TORCH_CHECK_VALUE(stride[i -2] > 0, "Strides must be positive!");
+     output_size[i] = pooling_output_shape_pad_lr<int64_t>(
+       input_size[i],
+       kernel_size[i - 2],
+diff --git a/test/test_mkldnn.py b/test/test_mkldnn.py
+index 7c39d36e..cf599c70 100644
+--- a/test/test_mkldnn.py
++++ b/test/test_mkldnn.py
+@@ -1588,6 +1588,13 @@ class TestMkldnn(TestCase):
+                         cn2.sum().backward(retain_graph=True)
+                         self.assertEqual(c1.grad, c2.grad, rtol=rtol, atol=atol)
+ 
++    def test_mkldnn_error_on_zero_stride(self, device):
++        # Regression test for https://github.com/pytorch/pytorch/issues/149274
++        x = torch.rand(1, 2, 3, 3).to_mkldnn()
++        with self.assertRaises(ValueError):
++            torch.mkldnn_max_pool2d(x, kernel_size=3, stride=0)
++
++
+ 
+ if __name__ == '__main__':
+     run_tests()
+-- 
+2.45.3
+
diff --git a/SPECS/pytorch/pytorch.spec b/SPECS/pytorch/pytorch.spec
@@ -2,7 +2,7 @@
 Summary:        Tensors and Dynamic neural networks in Python with strong GPU acceleration.
 Name:           pytorch
 Version:        2.0.0
-Release:        8%{?dist}
+Release:        9%{?dist}
 License:        BSD-3-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -19,6 +19,7 @@ Patch4:         CVE-2024-27318.patch
 Patch5:         CVE-2022-1941.patch
 Patch6:         CVE-2025-32434.patch
 Patch7:         CVE-2025-3730.patch
+Patch8:         CVE-2025-2953.patch
 
 BuildRequires:  cmake
 BuildRequires:  gcc
@@ -91,6 +92,9 @@ cp -arf docs %{buildroot}/%{_pkgdocdir}
 %{_docdir}/*
 
 %changelog
+* Tue Apr 29 2025 Archana Shettigar <v-shettigara@microsoft.com> - 2.0.0-9
+- Patch CVE-2025-2953
+
 * Wed Apr 23 2025 Kanishk Bansal <kanbansal@microsoft.com> - 2.0.0-8
 - Patch CVE-2025-32434, CVE-2025-3730
 
