CVE-2025-65891 | THREATINT

Description

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index.

PUBLISHED Reserved 2025-11-18 | Published 2026-01-28 | Updated 2026-01-29 | Assigner mitre

References

github.com/Daisy2ang

oneflow.com

github.com/Oneflow-Inc/oneflow

github.com/Oneflow-Inc/oneflow/issues/10661

cve.org (CVE-2025-65891)

nvd.nist.gov (CVE-2025-65891)

Download JSON