The popular deep learning framework PyTorch Lightning has been found to harbor serious deserialisation vulnerabilities, impacting all versions up to 2.4.0. These flaws, discovered by Kasimir Schulz of HiddenLayer and disclosed by CERT/CC, could allow an attacker to execute arbitrary code when an untrusted model file is loaded. Given the framework's wide adoption in research and enterprise ML pipelines (over 200 million downloads), the security implications are significant. The lack of safeguards in functions like torch.load() makes the framework susceptible to malicious code execution, and users and developers need to address it promptly.
The deserialisation vulnerabilities, identified under the reference VU#252619, impact all versions of the PyTorch Lightning framework up to 2.4.0, allowing for potential arbitrary code execution.
The discovery was made by Kasimir Schulz from HiddenLayer and disclosed in coordination with CERT/CC. The implications involve risks from loading untrusted model files.
PyTorch Lightning streamlines distributed training and has been cited in numerous research papers, highlighting the growing adoption and the potential impacts of these vulnerabilities.
Deserialisation functions like torch.load() and Python's pickle module lack inherent safeguards. This can lead to the execution of malicious code embedded in model files.
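As an added defensive example (not code from the advisory or from the PyTorch Lightning project), the following stdlib-only scanner walks a checkpoint's pickle opcodes with pickletools and lists every module.name the stream would import, flagging anything outside an allowlist before torch.load() is ever invoked. The allowlist entries and the sample checkpoints are constructed for the example; torch does not need to be installed to run it.

```python
"""Allowlist scan of a pickle-based checkpoint before torch.load() touches it (stdlib only)."""
import collections
import datetime
import io
import pickle
import pickletools
import zipfile

# Globals a plain state_dict checkpoint legitimately imports (constructed for this
# example; derive it from a known-good file in practice). Anything else is imported
# and called during unpickling, the code-execution path torch.load() itself does not guard.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
    ("torch", "LongStorage"),
}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Every (module, name) the stream would import, found by reading opcodes, not running them."""
    found: list[tuple[str, str]] = []
    recent: list[str] = []  # strings pushed so far; STACK_GLOBAL consumes the last two
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if op.name == "GLOBAL":          # protocols 0-3: a single "module name" argument
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":  # protocol 4+: module and name were pushed as strings
            found.append((recent[-2], recent[-1]))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            recent.append(arg)
    return found


def scan_checkpoint(data: bytes) -> list[tuple[str, str]]:
    """Globals outside the allowlist, for a bare pickle or the zip container torch.save() writes."""
    if data[:2] == b"PK":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    else:
        streams = [data]
    return [g for s in streams for g in referenced_globals(s) if g not in ALLOWED_GLOBALS]


def sample_checkpoints() -> tuple[bytes, bytes, bytes]:
    """Constructed inputs: a clean state_dict-like pickle, one carrying a harmless but
    non-allowlisted class, and that second one wrapped in a torch-style zip container."""
    clean = pickle.dumps(collections.OrderedDict(weight=[0.5, 0.25]), protocol=4)
    foreign = pickle.dumps(datetime.date(2024, 1, 1), protocol=3)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", foreign)
    return clean, foreign, buf.getvalue()
```

A file whose scan returns a non-empty list should not be passed to torch.load() at all; the scan is a gate in front of deserialisation, not a replacement for only accepting models from trusted sources.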