`CHECK`-failures in `TensorByteSize` in Tensorflow
Description
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow the size of an int. The PartialTensorShape constructor instead does not cause a CHECK-abort if the shape is partial, which is exactly what this function needs to be able to return -1. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.5.3 | 2.5.3 |
tensorflowPyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
tensorflowPyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
tensorflow-cpuPyPI | < 2.5.3 | 2.5.3 |
tensorflow-cpuPyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
tensorflow-cpuPyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
tensorflow-gpuPyPI | < 2.5.3 | 2.5.3 |
tensorflow-gpuPyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
tensorflow-gpuPyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
Affected products
1- Range: >= 2.7.0, < 2.7.1
Patches
1c2426bba00a0Use `PartialTensorShape` instead of `TensorShape`.
1 file changed · +1 −1
tensorflow/core/framework/attr_value_util.cc+1 −1 modified@@ -45,7 +45,7 @@ constexpr int kMaxTensorNestDepth = 100; // not fully defined return -1. int64_t TensorByteSize(const TensorProto& t) { // num_elements returns -1 if shape is not fully defined. - int64_t num_elems = TensorShape(t.tensor_shape()).num_elements(); + int64_t num_elems = PartialTensorShape(t.tensor_shape()).num_elements(); return num_elems < 0 ? -1 : num_elems * DataTypeSize(t.dtype()); }
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-4j82-5ccr-4r8vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-23582ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-91.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-146.yamlghsaWEB
- github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/attr_value_util.ccghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/commit/c2426bba00a01de6913738df8fa78e0215fcce02ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8vghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.