VU#252619: Multiple deserializ... Note

VU#252619: Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions

PyTorch Lightning versions 2.4.0 and earlier have vulnerabilities related to unsafe deserialization of untrusted data. These vulnerabilities arise from the use of torch.load() without proper security measures. Specifically, the framework does not enforce the weights_only=True parameter, which mitigates the risks of loading arbitrary code. Five vulnerabilities were identified, including issues within DeepSpeed integration, PickleSerializer class, _load_distributed_checkpoint, _lazy_load, and Cloud_IO module. These components lack adequate safeguards when deserializing model checkpoints and related data. Exploiting these vulnerabilities could allow malicious files to execute arbitrary code within the system. This can lead to full system compromise if a user unknowingly loads a malicious file from a local or remote source. Mitigations include verifying file origins, using sandboxed environments, and performing static and dynamic analysis. Disabling unnecessary deserialization features by ensuring that torch.load() is always used with weights_only = True is recommended.