CVE-2025-70999 | THREATINT

Description

A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID.

PUBLISHED Reserved 2026-01-09 | Published 2026-01-28 | Updated 2026-01-29 | Assigner mitre

References

github.com/Daisy2ang

oneflow.com

github.com/Oneflow-Inc/oneflow/issues/10660

cve.org (CVE-2025-70999)

nvd.nist.gov (CVE-2025-70999)

Download JSON