`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in TensorFlow
Description
TensorFlow is an open source platform for machine learning. When TensorListScatter and TensorListScatterV2 receive an element_shape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.7.2 | 2.7.2 |
tensorflowPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflowPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
tensorflow-cpuPyPI | < 2.7.2 | 2.7.2 |
tensorflow-cpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-cpuPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
tensorflow-gpuPyPI | < 2.7.2 | 2.7.2 |
tensorflow-gpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-gpuPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
Affected products
1- Range: < 2.7.2
Patches
1bb03fdf4aae9Check for element_shape in TensorListScatter and TensorListScatterV2
2 files changed · +29 −0
tensorflow/core/kernels/list_kernels.h+5 −0 modified@@ -895,6 +895,11 @@ class TensorListScatter : public OpKernel { OP_REQUIRES_OK(c, c->allocate_output(0, {}, &output_tensor, attr)); Tensor indices = c->input(1); PartialTensorShape element_shape; + OP_REQUIRES( + c, !TensorShapeUtils::IsMatrixOrHigher(c->input(2).shape()), + errors::InvalidArgument( + "TensorListScatter: element_shape must be at most rank 1 but has ", + "the shape of ", c->input(2).shape().DebugString())); OP_REQUIRES_OK(c, TensorShapeFromTensor(c->input(2), &element_shape)); // TensorListScatterV2 passes the num_elements input, TensorListScatter does // not.
tensorflow/python/kernel_tests/data_structures/list_ops_test.py+24 −0 modified@@ -481,6 +481,30 @@ def testScatterOutputListSizeWithNumElementsSpecified(self): # TensorListScatter should return a list with size num_elements. self.assertAllEqual(list_ops.tensor_list_length(l), 5) + def testScatterFailsWhenElementShapeIsNotVector(self): + c0 = constant_op.constant([1.0, 2.0]) + # In Eager mode, InvalidArgumentError is generated by the Compute function. + # In graph mode, ValueError is generated by the shape function. + with self.assertRaisesRegex( + (errors.InvalidArgumentError, ValueError), + "must be at most rank 1"): + l = gen_list_ops.tensor_list_scatter( + # Wrong element_shape. Should be at most rank 1. + c0, [1, 3], element_shape=[[1]]) + self.evaluate(l) + + def testScatterV2FailsWhenElementShapeIsNotVector(self): + c0 = constant_op.constant([1.0, 2.0]) + # In Eager mode, InvalidArgumentError is generated by the Compute function. + # In graph mode, ValueError is generated by the shape function. + with self.assertRaisesRegex( + (errors.InvalidArgumentError, ValueError), + "must be at most rank 1"): + l = gen_list_ops.tensor_list_scatter_v2( + # Wrong element_shape. Should be at most rank 1. + c0, [1, 3], element_shape=[[1]], num_elements=2) + self.evaluate(l) + def testScatterFailsWhenIndexLargerThanNumElements(self): c0 = constant_op.constant([1.0, 2.0]) with self.assertRaisesRegex(
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-vm7x-4qhj-rrcqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-35991ghsaADVISORY
- github.com/tensorflow/tensorflow/commit/bb03fdf4aae944ab2e4b35c7daa051068a8b7f61ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.10.0ghsaWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-vm7x-4qhj-rrcqghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.