Need to fix CVE-2024-5480 as it's a critical issue in the PyTorch distributed RPC framework and can lead to remote code execution (RCE) while multi-cpu RPC communication.
Although the vulnerable version of Pytorch is used or install via pip, but the vulnerable function is not called/used for RHEL-AI, that is 'torch.distributed.rpc' or any kind of rpc.
Need to fix CVE-2024-5480 as it's a critical issue in the PyTorch distributed RPC framework and can lead to remote code execution (RCE) while multi-cpu RPC communication.
Although the vulnerable version of Pytorch is used or install via pip, but the vulnerable function is not called/used for RHEL-AI, that is 'torch.distributed.rpc' or any kind of rpc.
_Ref & PoC & More at https://huntr.com/bounties/39811836-c5b3-4999-831e-46fee8fcade3_
Before marge please test all functionality and do required code changes to merge it in main branch.
Thanks Sandipan Roy