CVE-2025-71011
📋 TL;DR
An input validation vulnerability in OneFlow's tensor creation functions allows attackers to trigger a Denial of Service (DoS) by providing specially crafted inputs. This affects systems running OneFlow v0.9.0 where these tensor operations are exposed to untrusted input. Users of the OneFlow deep learning framework are primarily affected.
💻 Affected Systems
- OneFlow
📦 What is this software?
Oneflow by Oneflow
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability due to application crash or resource exhaustion, disrupting machine learning workflows and dependent services.
Likely Case
Application instability or crashes when processing malicious tensor creation requests, requiring manual restart.
If Mitigated
Minimal impact with proper input validation and isolation of tensor operations from untrusted sources.
🎯 Exploit Status
Exploitation requires ability to call vulnerable tensor methods with crafted input, typically through application code or API exposure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v0.9.1 or later
Vendor Advisory: https://github.com/Oneflow-Inc/oneflow/issues/10648
Restart Required: Yes
Instructions:
1. Check current OneFlow version
2. Upgrade to v0.9.1 or later using pip: pip install --upgrade oneflow
3. Restart all services using OneFlow
4. Verify the update was successful
🔧 Temporary Workarounds
Input validation wrapper
allAdd input validation checks before calling vulnerable tensor methods
# Python example: Validate tensor dimensions before calling new_* methods
def safe_new_ones(shape):
if not all(isinstance(dim, int) and dim > 0 for dim in shape):
raise ValueError('Invalid tensor dimensions')
return flow.Tensor.new_ones(shape)
🧯 If You Can't Patch
- Implement strict input validation for all tensor creation parameters
- Isolate tensor operations from untrusted user input sources
🔍 How to Verify
Check if Vulnerable:
Check if running OneFlow v0.9.0: python -c "import oneflow; print(oneflow.__version__)"Check Version:
python -c "import oneflow; print(f'OneFlow version: {oneflow.__version__}')"Verify Fix Applied:
Verify version is v0.9.1 or later and test tensor creation with various inputs📡 Detection & Monitoring
Log Indicators:
- Application crashes or abnormal termination
- Error messages related to tensor creation or memory allocation
- Repeated failed tensor creation attempts
Network Indicators:
- Unusual patterns of tensor creation requests
- Sudden service unavailability without other causes
SIEM Query:
source="application.log" AND ("tensor.new_" OR "memory allocation failed" OR "segmentation fault")