Integer overflows in Tensorflow
Description
Integer overflows in TensorFlow's Sparse*Cwise* ops can cause denial of service via large allocations or CHECK-fails.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The implementations of the Sparse*Cwise* ops in TensorFlow are vulnerable to integer overflows because input tensor shapes are not validated. A TensorShape is built directly from user-provided dimensions, so the element count can overflow, which leads to large allocations or CHECK-fails. Affected versions: TensorFlow 2.5.0 through 2.5.2, 2.6.0 through 2.6.2, 2.7.0 (fixed in 2.7.1), and 2.8.0-rc0 through 2.8.0-rc1 (fixed in 2.8.0). [1][3][4]
Exploitation
An attacker can provide crafted input tensors to the Sparse*Cwise* ops, triggering integer overflow during shape computation. No special privileges are required; the attacker only needs to supply malicious input to a TensorFlow model or operation. The overflow leads to either an out-of-memory condition (OOM) or a CHECK failure, causing denial of service. [1]
Impact
Successful exploitation results in denial of service: either a large memory allocation exhausting resources (OOM) or an assertion failure that crashes the process. No code execution or data disclosure is indicated. The impact is limited to availability. [1]
Mitigation
The fix is included in TensorFlow 2.8.0, and cherry-picked to versions 2.7.1, 2.6.3, and 2.5.3. Users should upgrade to these patched versions. No workaround is mentioned. The vulnerability is not listed in CISA's KEV. [1][3][4]
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
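The validation the two fix commits introduce, as an added C++ example that is not TensorFlow's own code: ValidateSparseShape is a hypothetical stand-in that applies the non-empty, dimension-count and overflow-safe checks before any allocation is sized from a user-supplied sparse shape, and WrappedNumElements shows what an unchecked product computes instead.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <string>
#include <vector>

// Minimal stand-in for a TensorFlow Status carrying the validated element count.
struct ShapeStatus {
  bool ok;
  std::string message;
  int64_t num_elements;  // only meaningful when ok is true
};

// Hypothetical validator modelled on the fixes: the non-empty and
// "dimensions must match second dimension of indices" checks from
// 1b54cadd1939, plus overflow-safe shape construction (what
// TensorShape::BuildTensorShape does instead of the CHECK-failing
// constructor) from e952a89b7026. sp_shape is the user-supplied shape
// vector; indices_cols is the second dimension of the indices matrix.
// Passing a std::vector already covers the "sp_shape must be a vector" check.
ShapeStatus ValidateSparseShape(const std::vector<int64_t>& sp_shape,
                                size_t indices_cols) {
  if (sp_shape.empty())
    return {false, "The shape argument requires at least one element.", 0};
  if (sp_shape.size() != indices_cols)
    return {false, "Number of dimensions must match second dimension of indices.", 0};
  int64_t total = 1;
  for (size_t i = 0; i < sp_shape.size(); ++i) {
    const int64_t d = sp_shape[i];
    if (d < 0)
      return {false, "Dimension " + std::to_string(i) + " is negative.", 0};
    // Check before multiplying: total * d must stay within int64 range.
    if (d != 0 && total > std::numeric_limits<int64_t>::max() / d)
      return {false, "Element count overflows int64 at dimension " + std::to_string(i), 0};
    total *= d;
  }
  return {true, "", total};
}

// The unchecked product an unvalidated shape would yield: the multiplication
// wraps and the element count used to size an allocation becomes meaningless
// (computed in uint64 so the wrap-around itself is well defined here).
uint64_t WrappedNumElements(const std::vector<int64_t>& sp_shape) {
  uint64_t total = 1;
  for (int64_t d : sp_shape) total *= static_cast<uint64_t>(d);
  return total;
}
```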
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| tensorflow | PyPI | < 2.5.3 | 2.5.3 |
| tensorflow | PyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow | PyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
| tensorflow-cpu | PyPI | < 2.5.3 | 2.5.3 |
| tensorflow-cpu | PyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-cpu | PyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
| tensorflow-gpu | PyPI | < 2.5.3 | 2.5.3 |
| tensorflow-gpu | PyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-gpu | PyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
Affected products
- OSV coordinates (no CPE assigned), 4 version ranges: < 2.5.3, plus 3 more.
Patches
e952a89b7026 Prevent overflow in sparse dense cwise ops.
1 file changed · +3 −1
tensorflow/core/kernels/sparse_dense_binary_op_shared.cc+3 −1 modified@@ -99,7 +99,9 @@ class SparseDenseBinaryOpShared : public OpKernel { const auto indices_mat = indices_t->matrix<int64_t>(); const auto shape_vec = shape_t->vec<int64_t>(); - const auto lhs_dims = BCast::FromShape(TensorShape(shape_vec)); + TensorShape lhs_shape; + OP_REQUIRES_OK(ctx, TensorShape::BuildTensorShape(shape_vec, &lhs_shape)); + const auto lhs_dims = BCast::FromShape(lhs_shape); const auto rhs_dims = BCast::FromShape(dense_t->shape()); BCast b(lhs_dims, rhs_dims, false); // false for keeping the same num dims.
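Review bot: replacing the CHECK-failing `TensorShape(shape_vec)` constructor with `TensorShape::BuildTensorShape` under `OP_REQUIRES_OK` turns an overflowing or negative dimension into a returned InvalidArgument instead of a process abort, but the unchanged line above, `const auto shape_vec = shape_t->vec<int64_t>();`, still assumes `shape_t` is rank 1 and nothing in this hunk validates that; add a `TensorShapeUtils::IsVector(shape_t->shape())` check ahead of the `vec()` call, and a regression test whose shape vector has an element count that exceeds int64 so the new error path is actually exercised.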
1b54cadd1939 Add missing validation to sparse dense cwise ops.
1 file changed · +13 −0
tensorflow/core/kernels/sparse_dense_binary_op_shared.cc+13 −0 modified@@ -78,11 +78,24 @@ class SparseDenseBinaryOpShared : public OpKernel { "but received shapes: ", values_t->shape().DebugString(), " and ", shape_t->shape().DebugString())); + OP_REQUIRES( + ctx, TensorShapeUtils::IsVector(shape_t->shape()), + errors::InvalidArgument("Input sp_shape must be a vector. Got: ", + shape_t->shape().DebugString())); OP_REQUIRES( ctx, values_t->dim_size(0) == indices_t->dim_size(0), errors::InvalidArgument( "The first dimension of values and indices should match. (", values_t->dim_size(0), " vs. ", indices_t->dim_size(0), ")")); + OP_REQUIRES( + ctx, shape_t->shape().dim_size(0) == indices_t->shape().dim_size(1), + errors::InvalidArgument( + "Number of dimensions must match second dimension of indices. ", + "Got ", shape_t->shape().dim_size(0), + " dimensions, indices shape: ", indices_t->shape().DebugString())); + OP_REQUIRES(ctx, shape_t->NumElements() > 0, + errors::InvalidArgument( + "The shape argument requires at least one element.")); const auto indices_mat = indices_t->matrix<int64_t>(); const auto shape_vec = shape_t->vec<int64_t>();
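Review bot: the new `shape_t->shape().dim_size(0) == indices_t->shape().dim_size(1)` check reads the second dimension of `indices_t`, which only exists if `indices_t` is rank 2; the hunk shows no `TensorShapeUtils::IsMatrix(indices_t->shape())` check, so unless one already sits above line 78, `dim_size(1)` on a lower-rank indices tensor fails before the intended InvalidArgument is produced, and an IsMatrix `OP_REQUIRES` should precede it. The ordering is otherwise right, with the IsVector check landing before `shape_t->vec<int64_t>()` and the `NumElements() > 0` check before the shape is consumed; a unit test for each of the three rejected inputs (non-vector shape, dimension-count mismatch, empty shape) would complete the change.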
References
1. github.com/advisories/GHSA-rrx2-r989-2c43 (source: ghsa; type: ADVISORY)
2. nvd.nist.gov/vuln/detail/CVE-2022-23567 (source: ghsa; type: ADVISORY)
3. github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-76.yaml (source: ghsa; type: WEB)
4. github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-131.yaml (source: ghsa; type: WEB)
5. github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc (source: ghsa; tag: x_refsource_MISC; type: WEB)
6. github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md (source: ghsa; tag: x_refsource_MISC; type: WEB)
7. github.com/tensorflow/tensorflow/commit/1b54cadd19391b60b6fcccd8d076426f7221d5e8 (source: ghsa; tag: x_refsource_MISC; type: WEB)
8. github.com/tensorflow/tensorflow/commit/e952a89b7026b98fe8cbe626514a93ed68b7c510 (source: ghsa; tag: x_refsource_MISC; type: WEB)
9. github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43 (source: ghsa; tag: x_refsource_CONFIRM; type: WEB)