`CHECK` fail in `SetSize` in TensorFlow
Description
TensorFlow is an open source platform for machine learning. When SetSize receives an input set_shape that is not a 1D tensor, it gives a CHECK fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.7.2 | 2.7.2 |
tensorflowPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflowPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
tensorflow-cpuPyPI | < 2.7.2 | 2.7.2 |
tensorflow-cpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-cpuPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
tensorflow-gpuPyPI | < 2.7.2 | 2.7.2 |
tensorflow-gpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-gpuPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
Affected products
1- Range: < 2.7.2
Patches
1cf70b79d2662Fix tf.raw_ops.SetSize vulnerability with invalid input arg specifying shape.
2 files changed · +19 −2
tensorflow/core/kernels/set_kernels.cc+6 −2 modified@@ -70,8 +70,12 @@ Status SparseTensorFromContext(OpKernelContext* ctx, const int32_t base_index, sparse::SparseTensor* tensor) { // Assume row-major order. TensorShape shape; - TF_RETURN_IF_ERROR(TensorShape::BuildTensorShape( - ctx->input(base_index + 2).vec<int64_t>(), &shape)); + const Tensor& shape_tensor = ctx->input(base_index + 2); + if (shape_tensor.dims() != 1) { + return errors::InvalidArgument("Shape must be a 1D tensor."); + } + TF_RETURN_IF_ERROR( + TensorShape::BuildTensorShape(shape_tensor.vec<int64_t>(), &shape)); CheckRankAtLeast2(ctx, shape); std::vector<int64_t> order(shape.dims()); std::iota(order.begin(), order.end(), 0);
tensorflow/python/kernel_tests/math_ops/sets_test.py+13 −0 modified@@ -23,6 +23,7 @@ from tensorflow.python.framework import sparse_tensor as sparse_tensor_lib from tensorflow.python.framework import test_util from tensorflow.python.ops import array_ops +from tensorflow.python.ops import gen_set_ops from tensorflow.python.ops import math_ops from tensorflow.python.ops import sets from tensorflow.python.ops import sparse_ops @@ -1303,6 +1304,18 @@ def test_set_union_output_is_sorted(self, dtype): result.values, _constant([1, 3, 5, 7, 9, 0, 2, 4, 5, 6, 6, 8, 9], dtype)) + def test_raw_ops_setsize_invalid_shape(self): + with self.assertRaisesRegex(errors_impl.InvalidArgumentError, + "Shape must be a 1D tensor"): + invalid_shape = 1 + self.evaluate( + gen_set_ops.set_size( + set_indices=1, + set_values=[1, 1], + set_shape=invalid_shape, + validate_indices=True, + name="")) + if __name__ == "__main__": googletest.main()
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-wq6q-6m32-9rv9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-35993ghsaADVISORY
- github.com/tensorflow/tensorflow/commit/cf70b79d2662c0d3c6af74583641e345fc939467ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.10.0ghsaWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.