Segfault in `LowerBound` and `UpperBound` in TensorFlow
Description
TensorFlow is an open source platform for machine learning. If LowerBound or UpperBound is given an emptysorted_inputs input, it results in a nullptr dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.7.2 | 2.7.2 |
tensorflowPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflowPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
tensorflow-cpuPyPI | < 2.7.2 | 2.7.2 |
tensorflow-cpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-cpuPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
tensorflow-gpuPyPI | < 2.7.2 | 2.7.2 |
tensorflow-gpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-gpuPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
Affected products
1- Range: < 2.7.2
Patches
1bce3717eaef4Fix empty inputs for Upper/LowerBound.
2 files changed · +28 −0
tensorflow/core/kernels/searchsorted_op.cc+17 −0 modified@@ -22,6 +22,7 @@ limitations under the License. #include "tensorflow/core/framework/register_types.h" #include "tensorflow/core/framework/tensor.h" #include "tensorflow/core/framework/tensor_shape.h" +#include "tensorflow/core/kernels/fill_functor.h" #include "tensorflow/core/lib/core/bits.h" #include "tensorflow/core/platform/logging.h" #include "tensorflow/core/platform/threadpool.h" @@ -129,6 +130,14 @@ class UpperBoundOp : public OpKernel { auto output = output_t->template flat<OutType>(); const auto sorted_inputs = sorted_inputs_t.template flat<T>(); const auto values = values_t.template flat<T>(); + + // For empty inputs, all values will be placed at the zeroth position. + if (sorted_inputs.size() == 0) { + functor::SetZeroFunctor<Device, OutType> set_zero; + set_zero(ctx->eigen_device<Device>(), output); + return; + } + OP_REQUIRES_OK( ctx, functor::UpperBoundFunctor<Device, T, OutType>::Compute( ctx, sorted_inputs, values, sorted_inputs_t.dim_size(0), @@ -174,6 +183,14 @@ class LowerBoundOp : public OpKernel { auto output = output_t->template flat<OutType>(); const auto sorted_inputs = sorted_inputs_t.template flat<T>(); const auto values = values_t.template flat<T>(); + + // For empty inputs, all values will be placed at the zeroth position. + if (sorted_inputs.size() == 0) { + functor::SetZeroFunctor<Device, OutType> set_zero; + set_zero(ctx->eigen_device<Device>(), output); + return; + } + OP_REQUIRES_OK( ctx, functor::LowerBoundFunctor<Device, T, OutType>::Compute( ctx, sorted_inputs, values, sorted_inputs_t.dim_size(0),
tensorflow/python/kernel_tests/array_ops/array_ops_test.py+11 −0 modified@@ -2060,6 +2060,17 @@ def testZeroValueSize(self): side=side, out_type=dtype), array_ops.zeros([2, 0], dtype)) + def testZeroInputSize(self): + dtype = dtypes.int32 + for side in ("left", "right"): + with self.subTest(side=side): + self.assertAllEqual( + array_ops.searchsorted( + array_ops.ones([2, 0]), + array_ops.ones([2, 3]), + side=side, + out_type=dtype), array_ops.zeros([2, 3], dtype)) + def testInt64(self): @def_function.function
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-qxpx-j395-pw36ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-35965ghsaADVISORY
- github.com/tensorflow/tensorflow/commit/bce3717eaef4f769019fd18e990464ca4a2efeeaghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.10.0ghsaWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.