Type confusion leading to segfault in Tensorflow
Description
TensorFlow ConcatV2 shape inference has a type confusion leading to segfault; attackers can cause denial of service via crafted input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
TensorFlow ConcatV2 shape inference has a type confusion leading to segfault; attackers can cause denial of service via crafted input.
Vulnerability
The ConcatV2 operation in TensorFlow's shape inference contains a type confusion vulnerability in the ConcatShapeHelper function [2]. The axis argument is converted to concat_dim, and a min_rank value is computed as a 32-bit integer. This min_rank is passed to WithRankAtLeast, which expects a 64-bit value. By providing a negative axis value, min_rank becomes negative, bypassing the rank validation check and causing a segmentation fault. Affected versions include TensorFlow 2.5.3, 2.6.3, 2.7.1, and 2.8.0 (before the fix) [1].
Exploitation
An attacker can trigger this vulnerability by providing a crafted ConcatV2 operation with a negative axis value to a TensorFlow model. No special privileges are required; the attacker only needs to supply input to the model's graph. The type confusion occurs during shape inference, which is automatically performed when the graph is built or executed.
Impact
Successful exploitation results in a segmentation fault, causing a denial of service (DoS) condition. The attacker can crash the TensorFlow process, disrupting availability. No data confidentiality or integrity is compromised.
Mitigation
The fix is included in TensorFlow 2.8.0 [1]. The commit is also cherry-picked to TensorFlow 2.7.1, 2.6.3, and 2.5.3 [1]. Users should upgrade to the latest patched version. No workaround is available for unpatched versions.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.5.3 | 2.5.3 |
tensorflowPyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
tensorflowPyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
tensorflow-cpuPyPI | < 2.5.3 | 2.5.3 |
tensorflow-cpuPyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
tensorflow-cpuPyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
tensorflow-gpuPyPI | < 2.5.3 | 2.5.3 |
tensorflow-gpuPyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
tensorflow-gpuPyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
Affected products
5- osv-coords4 versions
< 2.5.3+ 3 more
- (no CPE)range: < 2.5.3
- (no CPE)range: < 2.5.3
- (no CPE)range: < 2.5.3
- (no CPE)range: < 2.5.3
Patches
108d7b00c0a5aFix Segfault in Concat V2 shape function.
2 files changed · +13 −1
tensorflow/core/framework/common_shape_fns.cc+1 −1 modified@@ -2005,7 +2005,7 @@ Status ConcatShapeHelper(InferenceContext* c, int start_value_index, } // Minimum required number of dimensions. - const int min_rank = concat_dim < 0 ? -concat_dim : concat_dim + 1; + const int64 min_rank = concat_dim < 0 ? -concat_dim : concat_dim + 1; ShapeHandle output_before; ShapeHandle output_after;
tensorflow/python/kernel_tests/array_ops/concat_op_test.py+12 −0 modified@@ -16,6 +16,7 @@ import numpy as np +from tensorflow.python.eager import def_function from tensorflow.python.framework import constant_op from tensorflow.python.framework import dtypes from tensorflow.python.framework import errors_impl @@ -570,6 +571,17 @@ def testConcatInvalidAxis(self): t2 = [2] gen_array_ops.concat_v2([t1, t2], 1).eval() + def testConcatInvalidAxisInTfFunction(self): + + @def_function.function + def concat_wrapper(): + y = gen_array_ops.concat_v2( + values=[[1, 2, 3], [4, 5, 6]], axis=0xb500005b) + return y + + with self.assertRaises(ValueError): + concat_wrapper() + def testConcatNegativeAxis(self): with test_util.use_gpu(): t1 = [[1, 2, 3], [4, 5, 6]]
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- github.com/advisories/GHSA-m4hf-j54p-p353ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-21731ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-55.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-110.yamlghsaWEB
- github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/common_shape_fns.ccghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.ccghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/commit/08d7b00c0a5a20926363849f611729f53f3ec022ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.