RepoJournal
PyTorch

@pytorch

PyTorch and the broader machine-learning ecosystem

Pick a date

The Wire · Showcase

GLOO SECURITY FIX SHIPS, CUDA 13.0.3 LANDS, FBGEMM MIGRATION ADVANCES

By RepoJournal · Filed · About PyTorch

PyTorch's core communication library just patched a size_t overflow that could let attackers write arbitrary memory over the network.

The gloo submodule bump [1] fixes a critical TCP transport vulnerability where roffset and length read directly from the wire could wrap around on 64-bit math, bypassing bounds checks. This ships alongside CUDA 13.0.3 [2], which fixes a cublasLtMatmul concurrency bug that produced incorrect results on H100s and newer. Both hit production paths. On the FBGEMM front, the TBE type migration is now canonical [3]: ssd_config.py owns the config types and ops_common became a pure shim, clearing the way for the next phase of that refactor. The team also closed out 14+ failing opcheck variants by adding missing sparse_ops imports [4] [5] and implementing ROCm subwarp reduction kernels [6]. ExecutorTorch added an Arm TOSA FP8 run-only mode [7] so you can validate lowered artifacts without eager CPU execution, and optimized SDPA thresholds [8] to cover both Gemma and Qwen workloads. Cortex-M op tests now accept a parametrized target fixture [9], letting you test across cortex-m55 and future architectures in a single CI run.

Action items

References

  1. [1] submodules: bump gloo to 74cc005ae13f69c11d8a41e50b42025b6730e796 (#187077) pytorch/pytorch
  2. [2] [CD] Bump 13.0 builds to 13.0.3 (#179758) pytorch/pytorch
  3. [3] Make tbe.ssd.ssd_config canonical; ops_common is now a shim pytorch/FBGEMM
  4. [4] Fix block_bucketize 2DWeightsTest opcheck faketensor failures (#5870) pytorch/FBGEMM
  5. [5] Add populate_bucketized_permute meta + fix block_bucketize opcheck (#5869) pytorch/FBGEMM
  6. [6] Add `subwarp_reduce_add` for `GROUP_REDUCE_ALL_SUM` on ROCm (#5875) pytorch/FBGEMM
  7. [7] Arm backend: Add run-only TOSA ref model test mode ↗ pytorch/executorch
  8. [8] [cuda backend] optimized L_kv threshold for sdpa implementation selection. ↗ pytorch/executorch
  9. [9] Cortex-M: run op tests against a selectable target ↗ pytorch/executorch

FAQ

What changed in PyTorch on June 12, 2026?
PyTorch's core communication library just patched a size_t overflow that could let attackers write arbitrary memory over the network.
What should PyTorch teams do about it?
Bump gloo submodule immediately if running inference serving or distributed training with untrusted networks • Merge CUDA 13.0.3 builds before next H100+ batch • Monitor FBGEMM opcheck results; sparse ops imports are now required in test files
Which PyTorch repositories shipped on June 12, 2026?
pytorch/pytorch, pytorch/FBGEMM, pytorch/executorch

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.