CVE-2024-31584

About this tag
CVE-2024-31584 is an out-of-bounds read vulnerability in PyTorch affecting the mobile FlatBuffers loader in releases prior to v2.2.0. It can cause crashes or information disclosure when a specially crafted FlatBuffer is processed. Microsoft has confirmed that Azure Linux includes the affected open-source library and is potentially impacted. The vulnerability is tracked in mainstream CVE databases, and upstream PyTorch fixes have been merged. This tag covers discussions about the risk, remediation, and Microsoft's response regarding CVE-2024-31584.
  1. CVE-2024-31584: Azure Linux PyTorch Risk and Remediation Guide

    Microsoft’s short public attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate for the inventory Microsoft has completed, but it is not a technical proof that no other Microsoft product could contain the same vulnerable PyTorch code...