CVE-2025-65890 | THREATINT

Description

A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index.

PUBLISHED Reserved 2025-11-18 | Published 2026-01-28 | Updated 2026-01-29 | Assigner mitre

References

github.com/Daisy2ang

oneflow.com

github.com/Oneflow-Inc/oneflow

github.com/Oneflow-Inc/oneflow/issues/10662

cve.org (CVE-2025-65890)

nvd.nist.gov (CVE-2025-65890)

Download JSON