{
  "public_date" : "2025-03-20T10:11:37Z",
  "bugzilla" : {
    "description" : "pytorch: Deserialization of Untrusted Data in pytorch/pytorch",
    "id" : "2353598",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2353598"
  },
  "cwe" : "CWE-502",
  "details" : [ "A flaw was found in PyTorch. This vulnerability allows an attacker to execute arbitrary code remotely via a maliciously crafted serialized PythonUDF object." ],
  "statement" : "This CVE has been rejected because it describes known functionality of PyTorch.",
  "package_state" : [ {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Not affected",
    "package_name" : "openshift-lightspeed-tech-preview/lightspeed-service-api-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-amd-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-aws-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-azure-amd-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-azure-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-gcp-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-ibm-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-intel-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/docling-serve-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/instructlab-amd-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/instructlab-intel-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/instructlab-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/ui-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-ml-pipelines-api-server-v2-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-ml-pipelines-driver-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-ml-pipelines-launcher-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-7804\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7804\nhttps://huntr.com/bounties/0e870eeb-f924-4054-8fac-d926b1fb7259" ],
  "name" : "CVE-2024-7804",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}