`CHECK` failure in `TensorListReserve` in TensorFlow
Description
TensorFlow is an open source platform for machine learning. In core/kernels/list_kernels.cc's TensorListReserve, num_elements is assumed to be a tensor of size 1. When a num_elements of more than 1 element is provided, then tf.raw_ops.TensorListReserve fails the CHECK_EQ in CheckIsAlignedAndSingleElement. We have patched the issue in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.7.2 | 2.7.2 |
tensorflowPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflowPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
tensorflow-cpuPyPI | < 2.7.2 | 2.7.2 |
tensorflow-cpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-cpuPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
tensorflow-gpuPyPI | < 2.7.2 | 2.7.2 |
tensorflow-gpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-gpuPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
Affected products
1- Range: < 2.7.2
Patches
1b5f6fbfba765Re-enable testTensorListReserveWithNonScalarNumElements to work with mlir as well.
2 files changed · +17 −0
tensorflow/core/kernels/list_kernels.cc+7 −0 modified@@ -31,9 +31,11 @@ limitations under the License. #include "tensorflow/core/framework/allocator.h" #include "tensorflow/core/framework/op_kernel.h" #include "tensorflow/core/framework/register_types.h" +#include "tensorflow/core/framework/tensor_shape.h" #include "tensorflow/core/framework/tensor_types.h" #include "tensorflow/core/framework/variant.h" #include "tensorflow/core/framework/variant_op_registry.h" +#include "tensorflow/core/platform/errors.h" namespace tensorflow { @@ -322,6 +324,11 @@ class TensorListReserve : public OpKernel { void Compute(OpKernelContext* c) override { PartialTensorShape element_shape; OP_REQUIRES_OK(c, TensorShapeFromTensor(c->input(0), &element_shape)); + OP_REQUIRES( + c, TensorShapeUtils::IsScalar(c->input(1).shape()), + errors::InvalidArgument( + "The num_elements to reserve must be a tensor size 1, but got ", + c->input(1).shape())); int32_t num_elements = c->input(1).scalar<int32>()(); OP_REQUIRES(c, num_elements >= 0, errors::InvalidArgument("The num_elements to reserve must be a "
tensorflow/python/kernel_tests/data_structures/list_ops_test.py+10 −0 modified@@ -94,6 +94,16 @@ def testPopFromEmptyTensorListFails(self, max_num_elements): l = list_ops.tensor_list_pop_back(l, element_dtype=dtypes.float32) self.evaluate(l) + def testTensorListReserveWithNonScalarNumElements(self): + # list_kernels.cc in tf/core/kernels raises InvalidArgumentError, and + # tf_ops_n_z.cc in tf/compiler/mlir/tf/ir raises UnknownError. + with self.assertRaises((errors.InvalidArgumentError, errors.UnknownError)): + l = list_ops.tensor_list_reserve( + element_dtype=dtypes.float32, + element_shape=[2, 3], + num_elements=constant_op.constant([1, 1])) + self.evaluate(l) + def testPopUninitializedTensorUseListElementShape(self): l = list_ops.tensor_list_reserve( element_dtype=dtypes.float32, element_shape=[2, 3], num_elements=3)
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-v5xg-3q2c-c2r4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-35960ghsaADVISORY
- github.com/tensorflow/tensorflow/blob/c8ba76d48567aed347508e0552a257641931024d/tensorflow/core/kernels/list_kernels.ccghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/commit/b5f6fbfba76576202b72119897561e3bd4f179c7ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.10.0ghsaWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.