intel-analytics / ipex-llm

Accelerate local LLM inference and finetuning (LLaMA, Mistral, ChatGLM, Qwen, Mixtral, Gemma, Phi, MiniCPM, Qwen-VL, MiniCPM-V, etc.) on Intel XPU (e.g., local PC with iGPU and NPU, discrete GPU such as Arc, Flex and Max); seamlessly integrate with llama.cpp, Ollama, HuggingFace, LangChain, LlamaIndex, vLLM, GraphRAG, DeepSpeed, Axolotl, etc
Apache License 2.0
6.71k stars 1.26k forks

Vulnerability issue CVE-2024-31583 and CVE-2024-31580 on torch<2.2.0 #12380

Open Johere opened 3 days ago

Johere commented 3 days ago

There are two CVE vulnerabilities, CVE-2024-31583 and CVE-2024-31580, for PyTorch versions below v2.2.0. Install ipex-llm[xpu] using the command:

pip install --pre --upgrade ipex-llm[xpu] --extra-index-url https://pytorch-extension.intel.com/release-whl/stable/xpu/cn/

Then these versions would be auto-installed:

torch: 2.1.0a0+cxx11.abi 
torchvision: 0.16.0a0+cxx11.abi 
intel-extension-for-pytorch: 2.1.10+xpu 

If I manually upgrade torch and intel_extension_for_pytorch to torch==2.3.1+cxx11.abi and intel_extension_for_pytorch==2.3.110+xpu, it raises an issue:

ImportError: /home/lvm/.python311-env/.official-ipex-llm-xpu/lib/python3.11/site-packages/xe_linear.cpython-311-x86_64-linux-gnu.so: undefined symbol: _ZN3xpu21get_queue_from_streamEN3c106StreamE

The latest llava example can be used to reproduce the problem.

Env check output log is attached: log.txt

Can anyone help with this? I would like to upgrade to torch>=2.2.0, thanks!
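A way to flag environments that still carry a torch build below the 2.2.0 threshold named in the report, as an added example that is not part of the original post or the ipex-llm project. The function names are hypothetical, the threshold is taken from the issue text, and treating a pre-release of 2.2.0 as below the threshold is a conservative assumption; the point of the parser is that build strings such as 2.1.0a0+cxx11.abi break a naive split-on-dots comparison.

```python
import re
from importlib import metadata

# Threshold as stated in the issue: both CVEs are reported against torch < 2.2.0.
FIXED_IN = (2, 2, 0)

# Release digits, then an optional pre-release/dev marker (a0, b1, rc2, .dev3).
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)((?:a|b|rc|\.?dev)\d*)?")


def parse_release(version):
    """Return (release_tuple, is_prerelease) for a PEP 440-style version string.

    The local label after '+' (for example '+cxx11.abi' or '+xpu') only names
    the build variant, so it is dropped before comparing.
    """
    public = version.strip().lower().split("+", 1)[0]
    match = _VERSION_RE.match(public)
    if match is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    release = [int(part) for part in match.group(1).split(".")]
    while len(release) > 3 and release[-1] == 0:
        release.pop()                      # 2.2.0.0 compares equal to 2.2.0
    release += [0] * (3 - len(release))    # 2.1 is padded to 2.1.0
    return tuple(release), match.group(2) is not None


def is_below_fixed(version, fixed=FIXED_IN):
    """True when version sorts before fixed; a pre-release of fixed counts as below."""
    release, prerelease = parse_release(version)
    return release < fixed or (release == fixed and prerelease)


def installed_version(package="torch"):
    """Version of the package in the current environment, or None if absent."""
    try:
        return metadata.version(package)
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    # Constructed sample: the two torch versions quoted in the issue.
    for sample in ("2.1.0a0+cxx11.abi", "2.3.1+cxx11.abi"):
        print(sample, "-> below 2.2.0" if is_below_fixed(sample) else "-> 2.2.0 or later")
    found = installed_version()
    if found is not None:
        print("installed torch", found, "below 2.2.0:", is_below_fixed(found))
```
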

Oscilloscope98 commented 2 days ago

Hi @Johere, would you mind providing us some information regarding your OS and GPU device? :)

Johere commented 2 days ago

> Hi @Johere, would you mind providing us some information regarding your OS and GPU device? :)

Hi @Oscilloscope98, please see the information below:

OS: Ubuntu 24.04 (also validated on Ubuntu 22.04, same problem)

GPU device:

Device Name: Intel(R) Arc(TM) A770 Graphics
Vendor Name: Intel(R) Corporation 
SOC UUID: 00000000-0000-0003-0000-000856a08086 
PCI BDF Address: 0000:03:00.0
DRM Device: /dev/dri/card1
Function Type: physical