Assertion fail on MLIR empty edge names in TensorFlow
Description
TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We will also cherry-pick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in the supported range. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | < 2.7.2 | 2.7.2 |
| tensorflow (PyPI) | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow (PyPI) | >= 2.9.0, < 2.9.1 | 2.9.1 |
| tensorflow-cpu (PyPI) | < 2.7.2 | 2.7.2 |
| tensorflow-cpu (PyPI) | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow-cpu (PyPI) | >= 2.9.0, < 2.9.1 | 2.9.1 |
| tensorflow-gpu (PyPI) | < 2.7.2 | 2.7.2 |
| tensorflow-gpu (PyPI) | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow-gpu (PyPI) | >= 2.9.0, < 2.9.1 | 2.9.1 |
Affected products
- Range: < 2.7.2
Patches
ad069af92392 [tfg][functiondef_import] Error on empty edge names
4 files changed · +95 −3
tensorflow/core/ir/importexport/functiondef_import.cc+18 −3 modified@@ -33,13 +33,15 @@ limitations under the License. #include "tensorflow/core/ir/ops.h" #include "tensorflow/core/platform/errors.h" #include "tensorflow/core/platform/status.h" +#include "tensorflow/core/platform/statusor.h" using tensorflow::AttrValue; using tensorflow::FunctionDef; using tensorflow::NodeDef; using tensorflow::OpDef; using tensorflow::OpDef_AttrDef; using tensorflow::Status; +using tensorflow::StatusOr; using tensorflow::errors::InvalidArgument; using tensorflow::protobuf::RepeatedPtrField; @@ -166,9 +168,12 @@ Status ImportNodes(ValueMapManager value_manager, if (node.op().empty()) return InvalidArgument("empty op type"); OperationState state(unknown_loc, absl::StrCat("tfg.", node.op())); // Fetch the inputs, creating placeholder if an input hasn't been visited. - for (const std::string& input : node.input()) + for (const std::string& input : node.input()) { + if (input.empty()) + return InvalidArgument("Node '", node.name(), "' has an empty input"); state.operands.push_back( value_manager.GetValueOrCreatePlaceholder(input)); + } // Retrieve the entry in the nodes_map for this node and infer the result // count from what was inferred during the first traversal above. state.types.push_back(placeholder_ty); 
@@ -461,21 +466,31 @@ Status ImportGenericFunction( Value()); for (const auto& ret_val : func.ret()) { auto position = output_name_to_position.find(ret_val.first); - if (position == output_name_to_position.end()) + if (position == output_name_to_position.end()) { return InvalidArgument( "Can't import function, returned value references unknown output " "argument ", ret_val.first); + } + if (ret_val.second.empty()) { + return InvalidArgument("Function '", func.signature().name(), + "' has empty result name"); + } ret_vals[position->second] = value_manager.GetValueOrCreatePlaceholder(ret_val.second); } for (const auto& ret_val : func.control_ret()) { auto position = control_output_to_position.find(ret_val.first); - if (position == control_output_to_position.end()) + if (position == control_output_to_position.end()) { return InvalidArgument( "Can't import function, returned value references unknown output " "argument ", ret_val.first); + } + if (ret_val.second.empty()) { + return InvalidArgument("Function '", func.signature().name(), + "' has empty control result name"); + } Value result = value_manager.GetValueOrCreatePlaceholder( (Twine("^") + ret_val.second).str()); if (!result.getType().isa<ControlType>())
tensorflow/core/ir/importexport/tests/graphdef_to_mlir/invalid_generic_func_with_empty_control_result.pbtxt+26 −0 added@@ -0,0 +1,26 @@ +# RUN: not tfg-translate -graphdef-to-mlir %s 2>&1 | FileCheck %s + +# CHECK: Function 'foo' has empty control result name + +library { + function { + signature { + name: "foo" + control_output: "output" + } + node_def { + name: "y" + op: "NoOp" + attr { + key: "T" + value { + placeholder: "T" + } + } + } + control_ret { + key: "output" + value: "" + } + } +}
tensorflow/core/ir/importexport/tests/graphdef_to_mlir/invalid_generic_func_with_empty_input.pbtxt+22 −0 added@@ -0,0 +1,22 @@ +# RUN: not tfg-translate -graphdef-to-mlir %s 2>&1 | FileCheck %s + +# CHECK: Node 'y' has an empty input + +library { + function { + signature { + name: "foo" + } + node_def { + name: "y" + input: "" + op: "Identity" + attr { + key: "T" + value { + placeholder: "T" + } + } + } + } +}
tensorflow/core/ir/importexport/tests/graphdef_to_mlir/invalid_generic_func_with_empty_result.pbtxt+29 −0 added@@ -0,0 +1,29 @@ +# RUN: not tfg-translate -graphdef-to-mlir %s 2>&1 | FileCheck %s + +# CHECK: Function 'foo' has empty result name + +library { + function { + signature { + name: "foo" + output_arg { + name: "output" + type: DT_INT32 + } + } + node_def { + name: "y" + op: "NoOp" + attr { + key: "T" + value { + placeholder: "T" + } + } + } + ret { + key: "output" + value: "" + } + } +}
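Review bot: In the first hunk of functiondef_import.cc, the added `#include "tensorflow/core/platform/statusor.h"` and `using tensorflow::StatusOr;` are not used by any line this patch adds; all three new checks return through InvalidArgument. If existing code in the file depends on them, say so in the commit message, otherwise drop both lines.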
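Review bot: The new `input.empty()` check in the ImportNodes hunk rejects only the fully empty string, so an input consisting of just the control marker "^" still reaches GetValueOrCreatePlaceholder with nothing after the prefix. The control_ret path in the same file builds names as `Twine("^") + ret_val.second`, so that form is meaningful to the importer. Either reject it here as well or add a test showing it is handled; invalid_generic_func_with_empty_input.pbtxt covers only `input: ""`.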
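Review bot: In the ImportGenericFunction hunk, the two new errors name the function but not the offending entry; including `ret_val.first` (the output argument whose value is empty) would let a user locate the bad ret or control_ret entry in a function with many outputs. The control_ret branch also still reports "returned value references unknown output argument", the same text as the ret branch, so the two failures cannot be told apart from the message; wording the second one as a control output would fix that while these lines are being touched.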
References
- github.com/advisories/GHSA-jvhc-5hhr-w3v5 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-36012 (ghsa, ADVISORY)
- github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc (ghsa, x_refsource_MISC, WEB)
- github.com/tensorflow/tensorflow/commit/ad069af92392efee1418c48ff561fd3070a03d7b (ghsa, x_refsource_MISC, WEB)
- github.com/tensorflow/tensorflow/releases/tag/v2.10.0 (ghsa, WEB)
- github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5 (ghsa, x_refsource_CONFIRM, WEB)