weights_only=True returns quantized tensor with unchecked stride; downstream dequantize() reads attacker-chosen offset of process memory on torch 2.12.0

May 21, 2026 · #184652
View on GitHub
Python Difficulty: Medium

Labels

triage review module: crash module: pickle module: serialization module: correctness (silent)

Parent Repository

pytorch/pytorch

Python repository

100,083 27,851
Ready to work on this? Walk through the full fork-to-PR workflow so your first contribution goes smoothly.
All Issues Back to pytorch

Sign in required

Authenticate to use favourites & bookmarks

5