Medium severity 5.9 · NVD Advisory · Published Feb 4, 2022 · Updated Jun 17, 2026
CVE-2022-23593
Description
TensorFlow is an open source machine learning framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service) if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector. The fix will be included in TensorFlow 2.8.0. This is the only affected version.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | >= 2.8.0-rc0, < 2.8.0 | 2.8.0 |
| tensorflow-cpu (PyPI) | >= 2.8.0-rc0, < 2.8.0 | 2.8.0 |
| tensorflow-gpu (PyPI) | >= 2.8.0-rc0, < 2.8.0 | 2.8.0 |
Affected products
- osv-coords (4 versions): >= 2.7.0, < 2.8.0 + 3 more
- (no CPE) range: >= 2.7.0, < 2.8.0
- (no CPE) range: >= 2.8.0-rc0, < 2.8.0
- (no CPE) range: >= 2.8.0-rc0, < 2.8.0
- (no CPE) range: >= 2.8.0-rc0, < 2.8.0
- Range: >= 2.7.0, < 2.8.0
References
- github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a (nvd; Patch, Third Party Advisory; WEB)
- github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2 (nvd; Patch, Third Party Advisory; WEB)
- github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc (nvd; Exploit, Third Party Advisory; WEB)
- github.com/advisories/GHSA-gwcx-jrx4-92w2 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-23593 (ghsa; ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-102.yaml (ghsa; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-157.yaml (ghsa; WEB)