
Update dependency torch [SECURITY]#52

Open
renovate[bot] wants to merge 1 commit into main from renovate/pypi-torch-vulnerability

Conversation

@renovate renovate Bot commented Aug 7, 2025

Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package   Change
torch     ==2.8.0+cu126 → ==2.12.1+cu126
torch     ==2.6.0 → ==2.12.1
torch     ==2.5.1 → ==2.12.1
torch     ==2.8.0 → ==2.12.1

BIT-pytorch-2025-55551 / CVE-2025-55551 / PYSEC-2025-203

More information

Details

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


BIT-pytorch-2025-55552 / CVE-2025-55552 / PYSEC-2025-204

More information

Details

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


BIT-pytorch-2025-55554 / CVE-2025-55554 / PYSEC-2025-206

More information

Details

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


PyTorch is vulnerable to memory corruption through its unpack_sequence function

BIT-pytorch-2025-2999 / CVE-2025-2999 / GHSA-vgrw-7cvw-pwgx / PYSEC-2025-193

More information

Details

A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

A patch is available through commit 4945180.

Severity

  • CVSS Score: 4.8 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


PyTorch is vulnerable to memory corruption through its torch.lstm_cell function

BIT-pytorch-2025-3001 / CVE-2025-3001 / GHSA-qfhq-4f3w-5fph / PYSEC-2025-195

More information

Details

A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

A patch is available through commit 999d94b.

Severity

  • CVSS Score: 1.9 / 10 (Low)
  • Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


BIT-pytorch-2026-4538 / CVE-2026-4538 / PYSEC-2026-139

More information

Details

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through a pull request but has not reacted yet.

Severity

  • CVSS Score: 7.8 / 10 (High)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


PyTorch is vulnerable to memory corruption through its torch.jit.script function

BIT-pytorch-2025-3000 / CVE-2025-3000 / GHSA-rrmf-rvhw-rf47 / PYSEC-2025-194

More information

Details

A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Severity

  • CVSS Score: 1.9 / 10 (Low)
  • Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


PyTorch Tuple Handler is Vulnerable to Memory Corruption through Manipulation of None Argument

BIT-pytorch-2025-2148 / CVE-2025-2148 / GHSA-c678-jfcj-6jmf / PYSEC-2025-189

More information

Details

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.

Severity

  • CVSS Score: 2.3 / 10 (Low)
  • Vector String: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


PyTorch is Vulnerable to Memory Consumption through pad_packed_sequence Function

BIT-pytorch-2025-2998 / CVE-2025-2998 / GHSA-f4hp-rmr7-r7v8 / PYSEC-2025-192

More information

Details

A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Severity

  • CVSS Score: 4.8 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


PyTorch: Manipulation of the argument scale/zero_point leads to improper initialization via Quantized Sigmoid Module

BIT-pytorch-2025-2149 / CVE-2025-2149 / GHSA-x3gm-94wq-g975 / PYSEC-2025-190

More information

Details

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Severity

  • CVSS Score: 2.0 / 10 (Low)
  • Vector String: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


BIT-pytorch-2025-2953 / CVE-2025-2953 / GHSA-3749-ghw9-m3mg / PYSEC-2025-191

More information

Details

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.

Severity

  • CVSS Score: 5.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


BIT-pytorch-2025-46148 / CVE-2025-46148 / PYSEC-2025-198

More information

Details

In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


BIT-pytorch-2025-46149 / CVE-2025-46149 / PYSEC-2025-199

More information

Details

In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


BIT-pytorch-2025-46150 / CVE-2025-46150 / PYSEC-2025-200

More information

Details

In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


BIT-pytorch-2025-46152 / CVE-2025-46152 / PYSEC-2025-201

More information

Details

In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


BIT-pytorch-2025-46153 / CVE-2025-46153 / PYSEC-2025-202

More information

Details

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


PyTorch susceptible to local Denial of Service

BIT-pytorch-2025-2953 / CVE-2025-2953 / GHSA-3749-ghw9-m3mg / PYSEC-2025-191

More information

Details

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Severity

  • CVSS Score: 1.9 / 10 (Low)
  • Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


BIT-pytorch-2025-55553 / CVE-2025-55553 / PYSEC-2025-205

More information

Details

A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


BIT-pytorch-2025-55557 / CVE-2025-55557 / PYSEC-2025-207

More information

Details

A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


BIT-pytorch-2025-55558 / CVE-2025-55558 / PYSEC-2025-208

More information

Details

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


BIT-pytorch-2025-55560 / CVE-2025-55560 / PYSEC-2025-209

More information

Details

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


PyTorch Improper Resource Shutdown or Release vulnerability

BIT-pytorch-2025-3730 / CVE-2025-3730 / GHSA-887c-mr87-cxwp

More information

Details

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue.

Severity

  • CVSS Score: 4.8 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


PyTorch: torch.load with weights_only=True leads to remote code execution

BIT-pytorch-2025-32434 / CVE-2025-32434 / GHSA-53q9-r3pm-6pq6 / PYSEC-2025-41

More information

Details

Description

I found a Remote Command Execution (RCE) vulnerability in PyTorch. When loading a model using torch.load with weights_only=True, it can still achieve RCE.

Background knowledge

https://github.com/pytorch/pytorch/security
As you can see, the PyTorch official documentation considers using torch.load() with weights_only=True to be safe.
Since everyone knows that weights_only=False is unsafe, they will use weights_only=True to mitigate the security issue.
But now, I just proved that even if you use weights_only=True, it can still achieve RCE.

Credit

This vulnerability was found by Ji'an Zhou.

Severity

  • CVSS Score: 9.3 / 10 (Critical)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


BIT-pytorch-2025-32434 / CVE-2025-32434 / GHSA-53q9-r3pm-6pq6 / PYSEC-2025-41

More information

Details

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.

Severity

  • CVSS Score: 9.8 / 10 (Critical)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


Release Notes

pytorch/pytorch (torch)

v2.12.1


v2.12.0: PyTorch 2.12.0 Release


PyTorch 2.12.0 Release Notes

Highlights

Batched linalg.eigh on CUDA is up to 100x faster due to updated cuSolver backend selection.
New torch.accelerator.Graph API unifies graph capture and replay across CUDA, XPU, and out-of-tree backends.
torch.export.save now supports Microscaling (MX) quantization formats, enabling full export of aggressively compressed models.
Adagrad now supports fused=True, joining Adam, AdamW, and SGD with a single-kernel optimizer implementation.
torch.cond control flow can now be captured and replayed inside CUDA Graphs.
ROCm users gain expandable memory segments, rocSHMEM symmetric memory collectives, and FlexAttention pipelining.

For more details about these highlighted features, you can look at the release blogpost. Below are the full release notes for this release.

Backwards Incompatible Changes

Build Frontend

  • Strengthened SVE compile checks in FindARM.cmake, which may reject previously accepted but incorrect SVE configurations (#​176646)

    Source builds that enable SVE now validate the compiler configuration more strictly. If a build previously passed with an incomplete or mismatched SVE setup, it may now fail during CMake configuration instead of later in compilation. Update the compiler/toolchain flags so they accurately describe the target SVE support, or disable SVE for that build.

  • Updated the minimum CUDA version required to build PyTorch from source to CUDA 12.6 (#​178925)

    Building PyTorch from source with CUDA versions older than 12.6 is no longer supported. Users building custom binaries should install CUDA 12.6 or newer and make sure CUDA_HOME points to that installation.

    Version 2.11:

    CUDA_HOME=/usr/local/cuda-12.4 python setup.py develop

    Version 2.12:

    CUDA_HOME=/usr/local/cuda-12.6 python setup.py develop
  • Enforced a C++20 minimum in CMake build files (#​178662)

    Source builds now require a compiler and build configuration that support C++20. If you maintain custom build scripts or downstream extensions that build PyTorch from source, update the compiler and remove assumptions that PyTorch can be built as C++17.

Distributed

  • torch.distributed.nn.functional ops now raise RuntimeError under torch.compile (#​177342)

    All ops in torch.distributed.nn.functional (e.g., broadcast, all_reduce, all_gather, reduce_scatter, all_to_all_single) now raise RuntimeError when called inside torch.compile. Users should migrate to the functional collectives API in torch.distributed._functional_collectives.

    Version 2.11:

    @​torch.compile
    def my_func(x):
        return torch.distributed.nn.functional.all_reduce(x, op=ReduceOp.SUM)

    Version 2.12:

    @​torch.compile
    def my_func(x):
        return torch.distributed._functional_collectives.all_reduce(x, reduceOp="sum", group=group)

TorchElastic

  • torchrun now defaults to an OS-assigned free port for single-node training instead of port 29500 (#​175699)

    When running torchrun --nproc-per-node=N script.py without specifying --master-port or --standalone, the default behavior now automatically uses an OS-assigned free port via the c10d rendezvous backend. This eliminates "Address already in use" errors when running multiple training jobs concurrently. Multi-node training, explicit --master-port, PET_MASTER_PORT env var, and --standalone are unchanged.

    Version 2.11:

    # Used static rendezvous on port 29500 by default
    torchrun --nproc-per-node=4 train.py

    Version 2.12:

    # Uses OS-assigned free port by default
    torchrun --nproc-per-node=4 train.py
    
    # To explicitly use a fixed port:
    torchrun --nproc-per-node=4 --master-port=29500 train.py

MPS

  • All MPS tensors are now allocated in unified memory (#​175818)

    Previously, MPS tensors could be allocated in either device-only or unified memory. Now all MPS tensors use unified memory unconditionally. This simplifies memory management and enables CPU access to MPS tensor data without explicit copies. Code that relied on device-only memory placement may observe different performance characteristics.

Inductor

  • The max_autotune layout-constraint deferral introduced in 2.11 is now opt-in (#​175330)

    In 2.11, Inductor deferred layout freezing for max_autotune templates to expose more fusion opportunities. This caused a regional-inductor failure mode, so the default in 2.12 reverts to immediate layout freezing. Users who relied on the deferred behavior for fusion opportunities should opt in explicitly via torch._inductor.config.max_autotune_defer_layout_freezing or TORCHINDUCTOR_MAX_AUTOTUNE_DEFER_LAYOUT_FREEZING=1.

    Version 2.11:

    # Deferred layout freezing was the default
    torch.compile(model, mode="max-autotune")

    Version 2.12:

    import torch._inductor.config as cfg
    cfg.max_autotune_defer_layout_freezing = True
    # or set TORCHINDUCTOR_MAX_AUTOTUNE_DEFER_LAYOUT_FREEZING=1
    torch.compile(model, mode="max-autotune")

Deprecations

Release Engineering

  • Deprecate CUDA 12.8 builds in favor of CUDA 13.0 (#​179072)

    CUDA 12.8 binaries have been removed from the PyTorch binary build matrix. CUDA 13.0 is now the stable default and CUDA 12.6 remains available for users on older drivers. Users explicitly pinning the cu128 index URL will need to switch to cu130 (recommended) or cu126.

    Version 2.11:

    pip install torch --index-url https://download.pytorch.org/whl/cu128

    Version 2.12:

    # Use CUDA 13.0 (default on PyPI):
    pip install torch
    # Or explicitly:
    pip install torch --index-url https://download.pytorch.org/whl/cu130
    # Older driver fallback:
    pip install torch --index-url https://download.pytorch.org/whl/cu126
  • Compatibility with CMake < 3.10 will be removed in a future release (#​166259)

    Source builds against CMake versions older than 3.10 now emit a deprecation warning. A future release will require CMake 3.10 or newer; please upgrade CMake before then.

Linear Algebra

  • Several CUDA linear algebra operators no longer use the MAGMA backend and now dispatch to cuSolver or cuBLAS unconditionally:

    • torch.linalg.eigh now dispatches to cuSolver (#​174619)
    • torch.linalg.lu_solve now dispatches to cuSolver/cuBLAS (#​174248)
    • torch.linalg.cholesky_inverse now dispatches to cuSolver (#​174681)
    • torch.linalg.cholesky_solve now dispatches to cuSolver (#​174769)

    User code calling these APIs does not need to change. The practical impact is for users who depended on MAGMA-specific numerical behavior, performance characteristics, or debugging. Those calls now use the cuSolver/cuBLAS implementations on CUDA.

FullyShardedDataParallel2 (FSDP2)

  • Compiling through FSDP2 hooks without graph breaks is no longer supported (#​174863, #​174906). If you use compiled autograd with FSDP2, update your code to allow graph breaks around FSDP2 hooks or disable compiled autograd for the FSDP2 training step.

    Version 2.11:

    with torch._dynamo.config.patch(compiled_autograd=True):
        compiled_model = torch.compile(fsdp_model, fullgraph=True)
        loss = compiled_model(input).sum()
        loss.backward()

    Version 2.12:

    # Either run FSDP2 backward without fullgraph.
    compiled_model = torch.compile(fsdp_model, fullgraph=False)
    loss = compiled_model(input).sum()
    loss.backward()
    
    # Or apply compile before applying FSDP.
    compiled_model_pre_fsdp = torch.compile(model, fullgraph=True)
    compiled_model = fully_shard(compiled_model_pre_fsdp, ...)
    loss = compiled_model(input).sum()
    loss.backward()

Profiler

  • Profiler's metadata_json field is now deprecated; use event_metadata instead (#​179417)

    Version 2.11:

    metadata = event.metadata_json

    Version 2.12:

    metadata = event.event_metadata

Dynamo

  • torch.compile(fullgraph=True) now warns when a call runs no compiled code; will error in 2.13 (#​181940)

    Previously fullgraph=True was only validated once Dynamo actually compiled and ran the function. If Dynamo was bypassed at call time (e.g. under a user-defined TorchDispatchMode), the annotation silently had no effect. 2.12 emits a warning; 2.13 will raise. For graph-break errors without fullgraph's stronger guarantees, use torch._dynamo.error_on_graph_break.

    Version 2.12:

    from torch.utils._python_dispatch import TorchDispatchMode
    
    class LoggingMode(TorchDispatchMode):
        def __torch_dispatch__(self, func, types, args=(), kwargs=None):
            return func(*args, **(kwargs or {}))
    
    @torch.compile(fullgraph=True)
    def model(x):
        return x.sin() + 1
    
    # A user-defined TorchDispatchMode is active, so Dynamo skips the frame
    # and no compiled code runs — emits a warning in 2.12, will raise in 2.13.
    with LoggingMode(): # Remove this to fix warning
        model(torch.randn(3, 4))
  • The inline_inbuilt_nn_modules Dynamo config is deprecated (#​177489, #​178205)

    Inlining of in-built nn.Module instances is now the default; setting the flag emits a deprecation warning and it will be removed in a future release.

    Version 2.11:

    import torch._dynamo.config as cfg
    cfg.inline_inbuilt_nn_modules = True  # was a tunable knob

    Version 2.12:

    # No action needed — inlining is on by default.
    # Remove any explicit references to torch._dynamo.config.inline_inbuilt_nn_modules.
  • Added a deprecation framework to the torch.compile config module so individual options can be marked deprecated (#​169837)

New Features

Release Engineering

Python Frontend

  • Introduced torch.accelerator.Graph as a unified frontend Graph interface (#​171285)

Foreach

  • Add _foreach_clone operator, with a fast path for CUDA utilizing _foreach_copy_ (#​177421)

Distributed

  • Add Store::barrier API and TCPStore client BARRIER support, reducing synchronization round trips compared to the existing ADD+WAIT pattern (#​174920)
  • Add NCCL communicator suspend(), resume(), and memory_stats() APIs for managing communicator memory lifecycle (#​176300)
  • Add all_to_all support in the Gloo backend (#​165435)
  • Add reduce_scatter_offset to symmetric memory, supporting variable-sized block reductions with NVLink multicast or LSA fallback (#​177791)
  • Enable batch_isend_irecv to work under torch.compile (#​161213)
  • Add torch.distributed.symmetric_memory.is_symm_mem_tensor() API to check if a tensor is a symmetric memory tensor (#​178947)
  • Convert NanCheck to a standalone op (torch.ops.c10d.check_for_nan) usable outside of ProcessGroupNCCL (#​174990)

DTensor

  • Add support for twice-differentiable DTensor redistribution (#​160509)
  • DeviceMesh is now traceable by torch.compile. Make DeviceMesh opaque (#​176661), Make placements opaque (#​171482).
  • Add grad_placements parameter to DTensor.from_local(), allowing explicit control over gradient placements in the backward pass (#​175867)

FullyShardedDataParallel2 (FSDP2)

  • Support per-parameter meshes in FSDP2, enabling different parameter groups to shard over different meshes (#​173509)
  • Support fully_shard with DTensors on a full SPMD mesh via DataParallelMeshDims (#​176334)
  • Add FSDP2 support for non-floating-point parameters by excluding non-float parameters from reduce-scatter while still sharding and all-gathering them as needed (#​177948)

TorchElastic

  • Add configurable --shutdown-timeout to torchrun for controlling the SIGTERM-to-SIGKILL timeout during worker shutdown (#​172596)

CPU x86

  • Expose a CPUBlas brgemm API for fp8 (e4m3 & e5m2) GEMM, backed by oneDNN (#​172548)

CUDA

  • Added support for torch.cond with CUDA graphs, using conditional graph nodes (CUDA 12.4+) so data-dependent control flow can be captured entirely inside a single CUDA graph. Works with the eager and cudagraphs torch.compile backends (no Inductor support yet). (#​168912)

MPS

  • Implemented linalg_qr for MPS (#​172536)
  • Added cholesky_solve support on MPS (#​176703)
  • Added index_reduce on MPS (#​174936)
  • Implemented torch.distributions.Gamma (forward + backward) on MPS (#​179228)
  • Enabled mvlgamma on MPS (#​178914)
  • Added nonzero_static implementation on MPS (#​179589) (from miscategorized)

ROCm

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone America/Toronto)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from a team as a code owner August 7, 2025 03:03
@renovate renovate Bot added the renovatebot label Sep 15, 2025
@renovate renovate Bot force-pushed the renovate/pypi-torch-vulnerability branch from 71e3625 to 44ade71 Compare September 25, 2025 21:25
@renovate renovate Bot force-pushed the renovate/pypi-torch-vulnerability branch from 44ade71 to 4345a71 Compare December 15, 2025 19:48
@renovate renovate Bot force-pushed the renovate/pypi-torch-vulnerability branch from 4345a71 to 420fb32 Compare May 21, 2026 20:18
@renovate renovate Bot changed the title Update dependency torch to v2.8.0 [SECURITY] Update dependency torch [SECURITY] May 21, 2026
renovate Bot commented May 21, 2026

Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: model-servers/vllm/0.11.0/Pipfile.lock
Command failed: pipenv lock
Creating a virtualenv for this project
Pipfile: /tmp/renovate/repos/github/redhat-ai-dev/developer-images/model-servers/vllm/0.11.0/Pipfile
Using /usr/local/bin/python3 3.11.15 to create virtualenv...
created virtual environment CPython3.11.15.final.0-64-x86_64 in 625ms
  creator CPython3Posix(dest=/runner/cache/others/virtualenvs/0.11.0-aiUPqbIp, clear=False, no_vcs_ignore=False, global=False)
  seeder FromAppData(download=False, pip=bundle, setuptools=bundle, via=copy, app_data_dir=/tmp/containerbase/cache/.cache/virtualenv)
    added seed packages: pip==26.1.2, setuptools==82.0.1
  activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator,XonshActivator

✔ Successfully created virtual environment!
Virtualenv location: /runner/cache/others/virtualenvs/0.11.0-aiUPqbIp
Locking  dependencies...
CRITICAL:pipenv.patched.pip._internal.resolution.resolvelib.factory:Cannot install -r /tmp/pipenv-e61ndcr9-requirements/pipenv-eor095e1-constraints.txt (line 22) and torch==2.12.1+cu126 because these package versions have conflicting dependencies.
CRITICAL:pipenv.patched.pip._internal.resolution.resolvelib.factory:
The conflict is caused by:
    The user requested torch==2.12.1+cu126
    xformers 0.0.32.post1 depends on torch==2.8.0
Additionally, some packages in these conflicts have no matching distributions available for your environment:
    torch
To fix this you could try to:
1. loosen the range of package versions you've specified
2. remove package versions to allow pip to attempt to solve the dependency conflict
Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
You can use $ pipenv run pip install <requirement_name> to bypass this mechanism, then run $ pipenv graph to inspect the versions actually installed in the virtualenv.
Hint: try $ pipenv lock --pre if it is a pre-release dependency.
Hint: try $ pipenv lock --verbose to see the full dependency resolution output.
ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts
The conflict is caused by:
    The user requested torch==2.12.1+cu126
    xformers 0.0.32.post1 depends on torch==2.8.0

Hint: Re-run with --verbose to see the full dependency resolution output and identify which packages are in conflict.
Traceback (most recent call last):
  File "/opt/containerbase/tools/pipenv/2026.6.2/3.11.15/lib/python3.11/site-packages/pipenv/routines/lock.py", line 94, in do_lock
    venv_resolve_deps(
  File "/opt/containerbase/tools/pipenv/2026.6.2/3.11.15/lib/python3.11/site-packages/pipenv/utils/resolver.py", line 1467, in venv_resolve_deps
    c = resolve(cmd, st, project=project)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/containerbase/tools/pipenv/2026.6.2/3.11.15/lib/python3.11/site-packages/pipenv/utils/resolver.py", line 1240, in resolve
    raise ResolutionFailure("Failed to lock Pipfile.lock!")
pipenv.exceptions.ResolutionFailure: ERROR: Failed to lock Pipfile.lock!


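As an added example (not Renovate's, PyTorch's or this repository's code) tying the advisory list in the PR body to the lock failure above: a small audit that reads a Pipfile.lock, checks the pinned torch release against affected ranges transcribed from the advisory text on this page, and reports locked packages whose exact torch pin blocks the move to 2.12.1. The lock fragment, the xformers constraint and the parse_version/audit_lock helpers are constructed for illustration and are assumptions, not part of the PR.

```python
"""Audit a Pipfile.lock against the torch advisories listed in this PR.

Constructed example. Advisory ranges are transcribed from the advisory text
in the PR body; the lock fragment mirrors the pipenv failure in this thread
(xformers 0.0.32.post1 pins torch==2.8.0, blocking torch 2.12.1).
"""
import json
import re
from dataclasses import dataclass

# Constructed lock fragment in Pipfile.lock's JSON layout. Real locks also
# carry hashes, markers and an index; only the fields this audit reads are kept.
SAMPLE_LOCK = json.dumps({
    "default": {
        "torch": {"version": "==2.8.0+cu126"},
        "xformers": {"version": "==0.0.32.post1"},
        "numpy": {"version": "==2.2.4"},
    }
})

# Constructed: the requirement the pipenv log attributes to xformers
# ("xformers 0.0.32.post1 depends on torch==2.8.0"). A real audit would read
# this from the installed package metadata instead of a literal.
SAMPLE_REQUIRES = {"xformers": ["torch==2.8.0"]}


@dataclass(frozen=True)
class Advisory:
    cve: str
    op: str       # "<": every release below `version` is affected; "==": only that one
    version: str


# Transcribed from the advisory text in the PR body (a subset of the list).
ADVISORIES = [
    Advisory("CVE-2025-32434", "<", "2.6.0"),   # "2.5.1 and prior ... patched in 2.6.0"
    Advisory("CVE-2025-46149", "<", "2.7.0"),   # "In PyTorch before 2.7.0"
    Advisory("CVE-2025-55551", "==", "2.8.0"),  # "torch.linalg.lu of pytorch v2.8.0"
    Advisory("CVE-2025-55553", "==", "2.7.0"),  # "proxy_tensor.py of pytorch v2.7.0"
]


def parse_version(spec):
    """Turn '==2.8.0+cu126' or '0.0.32.post1' into a comparable tuple.

    The PEP 440 local segment (+cu126) and post/pre suffixes are dropped: the
    CUDA build tag does not change which upstream release, and therefore which
    advisories, a lock is on.
    """
    m = re.fullmatch(r"(?:==)?\s*(\d+(?:\.\d+)*)(?:[.+-].*)?", spec.strip())
    if not m:
        raise ValueError(f"unsupported version spec: {spec!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(a, b):
    """Zero-pad two version tuples so (2, 8) compares equal to (2, 8, 0)."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def affected(installed, adv):
    """True if the installed torch release falls inside the advisory's range."""
    v, a = _pad(parse_version(installed), parse_version(adv.version))
    return v < a if adv.op == "<" else v == a


def audit_lock(lock_json, requires, advisories=ADVISORIES, target="2.12.1"):
    """Return the locked torch spec, the advisories that apply to it, and the
    locked packages whose exact torch pin differs from `target` (the version
    this PR wants), i.e. the pins that make `pipenv lock` unresolvable."""
    lock = json.loads(lock_json)
    pinned = {name: meta["version"] for name, meta in lock.get("default", {}).items()}
    torch_spec = pinned.get("torch")
    hits = [adv.cve for adv in advisories if torch_spec and affected(torch_spec, adv)]
    blockers = {}
    for pkg, reqs in requires.items():
        if pkg not in pinned:
            continue  # not in the lock, so its pin cannot block resolution
        for req in reqs:
            m = re.fullmatch(r"torch==(\S+)", req)
            if m and parse_version(m.group(1)) != parse_version(target):
                blockers[pkg] = req
    return {"torch": torch_spec, "advisories": hits, "blockers": blockers}


if __name__ == "__main__":
    report = audit_lock(SAMPLE_LOCK, SAMPLE_REQUIRES)
    print(f"locked torch: {report['torch']}")
    print(f"open advisories: {', '.join(report['advisories']) or 'none'}")
    for pkg, req in report["blockers"].items():
        print(f"upgrade blocked by {pkg} ({req})")
```

On the constructed lock the audit flags CVE-2025-55551 against the pinned 2.8.0 build and names xformers as the package whose exact pin has to move before the security update can resolve.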
@renovate renovate Bot changed the title Update dependency torch [SECURITY] Update dependency torch [SECURITY] - autoclosed Jun 14, 2026
@renovate renovate Bot closed this Jun 14, 2026
@renovate renovate Bot deleted the renovate/pypi-torch-vulnerability branch June 14, 2026 07:23
@renovate renovate Bot changed the title Update dependency torch [SECURITY] - autoclosed Update dependency torch to v2.12.1+cu126 [SECURITY] Jun 17, 2026
@renovate renovate Bot reopened this Jun 17, 2026
@renovate renovate Bot force-pushed the renovate/pypi-torch-vulnerability branch 2 times, most recently from 420fb32 to 7979fad Compare June 17, 2026 18:57
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate Bot force-pushed the renovate/pypi-torch-vulnerability branch from 7979fad to 3cce415 Compare June 18, 2026 01:40
@renovate renovate Bot changed the title Update dependency torch to v2.12.1+cu126 [SECURITY] Update dependency torch [SECURITY] Jun 18, 2026