CNNVD-202601-4734 Information
Jan 28, 2026
cve
CNNVD ID
CNNVD-202601-4734
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Oneflow是Oneflow开源的一个深度学习框架。 OneFlow 0.9.0版本存在安全漏洞,该漏洞源于设备ID验证缺陷,可能导致通过无效或超出范围的GPU设备索引调用flow.cuda.synchronize进行拒绝服务攻击。
Description (English)
OneFlow is an in-depth learning framework for OneFlow open source. OneFlow version 0.9.0 contains a security loophole, which stems from equipment ID verification defects, which could lead to a denial of service attack using an invalid or out-of-scope GPU device index.cuda.synchronize.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Oneflow
Published
2026-01-28
Last Modified
2026-02-24
References
http://oneflow.com https://github.com/Daisy2ang https://github.com/Oneflow-Inc/oneflow https://github.com/Oneflow-Inc/oneflow/issues/10662
Patch
https://github.com/Oneflow-Inc/oneflow/releases
Share on: