High severityNVD Advisory· Published Feb 4, 2022· Updated Apr 22, 2025
Segfault in `simplifyBroadcast` in Tensorflow
CVE-2022-23593
Description
Tensorflow is an Open Source Machine Learning Framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector. The fix will be included in TensorFlow 2.8.0. This is the only affected version.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | >= 2.8.0-rc0, < 2.8.0 | 2.8.0 |
tensorflow-cpuPyPI | >= 2.8.0-rc0, < 2.8.0 | 2.8.0 |
tensorflow-gpuPyPI | >= 2.8.0-rc0, < 2.8.0 | 2.8.0 |
Affected products
1- Range: >= 2.7.0, < 2.8.0
Patches
135f0fabb4c17Avoid Segfault for scalar shapes.
2 files changed · +15 −0
tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc+4 −0 modified@@ -157,6 +157,10 @@ llvm::Optional<Value> simplifyBroadcast(ShapeComponentAnalysis& analysis, shapes_found.push_back(*found_shape); maxRank = std::max(maxRank, found_shape->size()); } + if (maxRank == 0) { + return Value(builder->create<tensor::FromElementsOp>( + loc, shapes[0].getType(), SmallVector<Value>())); + } SmallVector<const ShapeComponentAnalysis::SymbolicExpr*> joined_dimensions( maxRank);
tensorflow/compiler/mlir/tfrt/python_tests/regression_tests/scalar_broadcast.mlir+11 −0 added@@ -0,0 +1,11 @@ +builtin.func @test(%V__0 : tensor<i1> { python_test_attrs.static_type = tensor<i1> }, %V__1 : tensor<f32> { python_test_attrs.static_type = tensor<f32> }, %V__2 : tensor<f32> { python_test_attrs.static_type = tensor<f32> }) -> tensor<f32> { + %0 = "tf.Cast"(%V__0) : (tensor<i1>) -> tensor<i1> + %1 = "tf.Selu"(%V__2) : (tensor<f32>) -> tensor<f32> + %2 = "tf.NextAfter"(%1, %V__2) : (tensor<f32>, tensor<f32>) -> tensor<f32> + %3 = "tf.Elu"(%2) : (tensor<f32>) -> tensor<f32> + %4 = "tf.Cosh"(%3) : (tensor<f32>) -> tensor<f32> + %5 = "tf.Elu"(%4) : (tensor<f32>) -> tensor<f32> + %6 = "tf.Div"(%V__1, %5) : (tensor<f32>, tensor<f32>) -> tensor<f32> + %7 = "tf.Select"(%0, %6, %V__1) : (tensor<i1>, tensor<f32>, tensor<f32>) -> tensor<f32> + return %7 : tensor<f32> +} \ No newline at end of file
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-gwcx-jrx4-92w2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-23593ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-102.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-157.yamlghsaWEB
- github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.ccghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69aghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.