CNNVD-202506-3098 Information
CNNVD ID
CNNVD-202506-3098
Related CVE
- CNNVD Published: 2025-06-24
Description (Chinese)
NVIDIA Megatron-LM是美国英伟达(NVIDIA)公司的一个基于PyTorch 的分布式训练框架,专门用于训练大型Transformer语言模型。 NVIDIA Megatron-LM存在代码注入漏洞,该漏洞源于python组件可能允许攻击者通过恶意文件进行代码注入,可能导致代码执行、权限提升、信息泄露和数据篡改。
Description (English)
NVIDIA Megatron-LM is a distributional training framework based on PyTorch, Inc. of the United States of America, dedicated to training large Transformer language models. NVIDIA Megatron-LM has a code-infusion loophole, which stems from the python component, which may allow the assailant to inject the code through malicious documents, which may lead to code execution, power enhancement, information disclosure and data manipulation.
Hazard Level
Medium
Vulnerability Type
代码注入
Affected Vendor
NVS365
Published
2025-06-24
Last Modified
2026-02-24
References
https://nvidia.custhelp.com/app/answers/detail/a_id/5663 https://access.redhat.com/security/cve/cve-2025-23264
Patch
https://github.com/NVIDIA/Megatron-LM/releases
Share on: