Moderate severity · NVD Advisory · Published May 20, 2022 · Updated Apr 22, 2025

Missing validation causes denial of service in TensorFlow via `SparseTensorToCSRSparseMatrix`

CVE-2022-29198

Description

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
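For services that take sparse-tensor components from untrusted callers and cannot upgrade immediately, the missing validation can be applied before the op is reached. The sketch below is an added example, not TensorFlow code: `check_sparse_components`, `guarded_call` and `SparseInputError` are hypothetical names, the arguments are assumed to expose a `.shape` sequence, and the last two checks are the general `SparseTensor` layout rules rather than part of the fix.

```python
from typing import Sequence


class SparseInputError(ValueError):
    """Sparse-tensor components whose shapes do not fit together."""


def check_sparse_components(indices_shape: Sequence[int],
                            values_shape: Sequence[int],
                            dense_shape_shape: Sequence[int]) -> int:
    """Validate component shapes and return the sparse tensor's rank."""
    # The two conditions the advisory says were never validated.
    if len(dense_shape_shape) != 1:
        raise SparseInputError(
            f"dense_shape must be rank 1 but got rank {len(dense_shape_shape)}")
    if len(indices_shape) != 2:
        raise SparseInputError(
            f"indices must be rank 2 but got rank {len(indices_shape)}")
    # The kernel only accepts a matrix or a batch of matrices.
    rank = dense_shape_shape[0]
    if rank not in (2, 3):
        raise SparseInputError(f"SparseTensor must have rank 2 or 3, got {rank}")
    # General SparseTensor layout: indices [N, rank], values [N].
    if len(values_shape) != 1 or values_shape[0] != indices_shape[0]:
        raise SparseInputError("values must be a vector with one entry per index row")
    if indices_shape[1] != rank:
        raise SparseInputError(
            f"indices has {indices_shape[1]} columns but dense_shape has {rank} entries")
    return rank


def guarded_call(op, indices, values, dense_shape):
    """Run `op` only if the arguments' .shape attributes pass the checks."""
    check_sparse_components(tuple(indices.shape), tuple(values.shape),
                            tuple(dense_shape.shape))
    return op(indices=indices, values=values, dense_shape=dense_shape)


if __name__ == "__main__":
    # Constructed shapes; the two bad ones are the cases in the fix's unit test.
    for shapes in [((5, 2), (5,), (2,)), ((5, 2), (5,), ()), ((5,), (5,), (1,))]:
        try:
            print(shapes, "-> rank", check_sparse_components(*shapes))
        except SparseInputError as exc:
            print(shapes, "-> rejected:", exc)
```

A rejected request surfaces as an ordinary Python exception that the caller can handle, whereas the unpatched kernel aborts the whole process on the `CHECK`-failure.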

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package (PyPI) | Affected versions | Patched versions |
|---|---|---|
| tensorflow | < 2.6.4 | 2.6.4 |
| tensorflow | >= 2.7.0, < 2.7.2 | 2.7.2 |
| tensorflow | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow-cpu | < 2.6.4 | 2.6.4 |
| tensorflow-cpu | >= 2.7.0, < 2.7.2 | 2.7.2 |
| tensorflow-cpu | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow-gpu | < 2.6.4 | 2.6.4 |
| tensorflow-gpu | >= 2.7.0, < 2.7.2 | 2.7.2 |
| tensorflow-gpu | >= 2.8.0, < 2.8.1 | 2.8.1 |

Patches

ea50a40e84f6

Fix failed check in SparseTensorToCSRSparseMatrix

https://github.com/tensorflow/tensorflow · Antonio Sanchez · May 2, 2022 · via ghsa
2 files changed · +26 0
  • tensorflow/core/kernels/sparse/sparse_tensor_to_csr_sparse_matrix_op.cc+7 0 modified
    @@ -67,6 +67,13 @@ class SparseTensorToCSRSparseMatrixCPUOp : public OpKernel {
         const Tensor& values = ctx->input(1);
         const Tensor& dense_shape = ctx->input(2);
         const int rank = dense_shape.NumElements();
    +    OP_REQUIRES(
    +        ctx, TensorShapeUtils::IsVector(dense_shape.shape()),
    +        errors::InvalidArgument("dense_shape must be rank 1 but got rank",
    +                                dense_shape.shape().dims()));
    +    OP_REQUIRES(ctx, TensorShapeUtils::IsMatrix(indices.shape()),
    +                errors::InvalidArgument("indices must be rank 2 but got rank",
    +                                        indices.shape().dims()));
         OP_REQUIRES(ctx, rank == 2 || rank == 3,
                     errors::InvalidArgument("SparseTensor must have rank 2 or 3; ",
                                             "but indices has rank: ", rank));
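Review bot: The two new error strings end in "but got rank" with no trailing space, so the appended dims() value runs straight into the word (for example "rank0"); the existing message below ends in "rank: " with a separator, and the new ones should match it, e.g. "dense_shape must be rank 1 but got rank ". Separately, `const int rank = dense_shape.NumElements();` is still evaluated above the new IsVector check, although the value only means "rank" once dense_shape is known to be a vector; moving the two OP_REQUIRES calls above that line would make the ordering self-explanatory. The pre-existing message also reports "indices has rank" for a value taken from dense_shape, which is worth correcting while this block is being touched.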
    
  • tensorflow/python/kernel_tests/linalg/sparse/csr_sparse_matrix_ops_test.py+19 0 modified
    @@ -168,6 +168,25 @@ def testSparseTensorConversion(self):
         self.assertAllClose(a_values, a_st_rt_value.values)
         self.assertAllEqual(a_dense_shape, a_st_rt_value.dense_shape)
     
    +  def testSparseTensorConversionInvalidInputShapes(self):
    +    values = constant_op.constant(
    +        0.554979503, shape=[5], dtype=dtypes.float32)
    +    with self.assertRaisesRegex((ValueError, errors.InvalidArgumentError),
    +                                "must be rank 1"):
    +      indices = constant_op.constant(0, shape=[5, 2], dtype=dtypes.int64)
    +      dense_shape = constant_op.constant(53, shape=[], dtype=dtypes.int64)
    +      csr = sparse_csr_matrix_ops.sparse_tensor_to_csr_sparse_matrix(
    +          indices=indices, values=values, dense_shape=dense_shape)
    +      self.evaluate(csr)
    +
    +    with self.assertRaisesRegex((ValueError, errors.InvalidArgumentError),
    +                                "must be rank 2"):
    +      indices = constant_op.constant(0, shape=[5], dtype=dtypes.int64)
    +      dense_shape = constant_op.constant(53, shape=[1], dtype=dtypes.int64)
    +      csr = sparse_csr_matrix_ops.sparse_tensor_to_csr_sparse_matrix(
    +          indices=indices, values=values, dense_shape=dense_shape)
    +      self.evaluate(csr)
    +
       # TODO(b/139491352): Add handle_data propagation to array_ops.identity.
       @test_util.run_deprecated_v1
       def testCSRSparseMatrixResourceVariable(self):
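Review bot: The second case in testSparseTensorConversionInvalidInputShapes pairs the rank-1 indices with a dense_shape of shape [1], which would also fail the kernel's "rank 2 or 3" requirement, so the test passes only because the indices check happens to run first; using shape=[2] for dense_shape there would isolate the "must be rank 2" check. The constant_op.constant calls for indices and dense_shape also sit inside the assertRaisesRegex blocks; building them before the `with` leaves only the op call and self.evaluate(csr) able to satisfy the assertion. Since ValueError is accepted alongside errors.InvalidArgumentError, a short comment saying which execution mode is expected to raise which would help future readers confirm that the kernel-side OP_REQUIRES is actually exercised.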
    
