VYPR
Moderate severity · NVD Advisory · Published Nov 18, 2022 · Updated Apr 22, 2025

Segfault in `tf.raw_ops.TensorListConcat` in Tensorflow

CVE-2022-41891

Description

TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results in a segmentation fault, which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherry-pick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | < 2.8.4 | 2.8.4 |
| tensorflow (PyPI) | >= 2.9.0, < 2.9.3 | 2.9.3 |
| tensorflow (PyPI) | >= 2.10.0, < 2.10.1 | 2.10.1 |
| tensorflow-cpu (PyPI) | < 2.8.4 | 2.8.4 |
| tensorflow-gpu (PyPI) | < 2.8.4 | 2.8.4 |
| tensorflow-cpu (PyPI) | >= 2.9.0, < 2.9.3 | 2.9.3 |
| tensorflow-gpu (PyPI) | >= 2.9.0, < 2.9.3 | 2.9.3 |
| tensorflow-cpu (PyPI) | >= 2.10.0, < 2.10.1 | 2.10.1 |
| tensorflow-gpu (PyPI) | >= 2.10.0, < 2.10.1 | 2.10.1 |
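
To check an environment against the affected ranges listed above, the following is an added example, not part of the advisory or of the TensorFlow project. The function names are hypothetical, and treating a pre-release of a patched version as still affected is a conservative assumption.

```python
import re
from importlib import metadata

# Affected ranges from the advisory table: (inclusive lower bound or None, patched version).
AFFECTED_RANGES = [
    (None, (2, 8, 4)),
    ((2, 9, 0), (2, 9, 3)),
    ((2, 10, 0), (2, 10, 1)),
]
PACKAGES = ("tensorflow", "tensorflow-cpu", "tensorflow-gpu")
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")

def parse_version(text):
    """Return ((major, minor, patch), is_final) for '2.10.0', '2.9.3rc1', '2.8.0+local'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    release = tuple(int(g or 0) for g in m.groups()[:3])
    suffix = m.group(4).split("+")[0].lower()  # drop any local build tag
    # Assumption: rc/alpha/beta/dev builds predate the final release with the same
    # number, so a pre-release of a patched version is treated as unpatched.
    is_final = not re.match(r"[.\-_]?(rc|a|b|dev)", suffix)
    return release, is_final

def is_affected(version_text):
    """True if the version falls in any affected range from the advisory."""
    release, is_final = parse_version(version_text)
    for low, patched in AFFECTED_RANGES:
        if (low is None or release >= low) and (release, is_final) < (patched, True):
            return True
    return False

def audit_installed():
    """Map each advisory package installed here to (version, affected)."""
    report = {}
    for name in PACKAGES:
        try:
            version = metadata.version(name)
        except metadata.PackageNotFoundError:
            continue  # package not present in this environment
        report[name] = (version, is_affected(version))
    return report

if __name__ == "__main__":
    for name, (version, affected) in audit_installed().items():
        print(f"{name} {version}: {'AFFECTED, upgrade' if affected else 'patched'}")
```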

Patches

fc33f3dc4c14

Fix tf.raw_ops.TensorListConcat vulnerability (segfault).

https://github.com/tensorflow/tensorflow · Alan Liu · Sep 28, 2022 · via ghsa
2 files changed · +14 -2
  • tensorflow/core/kernels/list_kernels.h (+5 -2, modified)
    @@ -395,8 +395,11 @@ class TensorListConcat : public OpKernel {
       void Compute(OpKernelContext* c) override {
         PartialTensorShape element_shape_except_first_dim;
         if (!element_shape_.unknown_rank()) {
    -      element_shape_except_first_dim = PartialTensorShape(
    -          gtl::ArraySlice<int64_t>(element_shape_.dim_sizes()).subspan(1));
    +      auto dim_sizes = element_shape_.dim_sizes();
    +      OP_REQUIRES(c, !dim_sizes.empty(),
    +                  errors::InvalidArgument("element_shape must not be empty"));
    +      element_shape_except_first_dim =
    +          PartialTensorShape(gtl::ArraySlice<int64_t>(dim_sizes).subspan(1));
         }
         // Check that the input Variant tensor is indeed a TensorList and has the
         // correct element type.
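
Review bot: The new `OP_REQUIRES` check ahead of `subspan(1)` has no comment saying why an empty `dim_sizes` must be rejected, and the message "element_shape must not be empty" does not tell the caller what is expected. A one-line comment that `subspan(1)` on an empty slice is out of range, plus a message stating that `element_shape` needs at least one dimension (the first is dropped to form `element_shape_except_first_dim`), would make the guard self-explanatory. The guard sits inside the `!element_shape_.unknown_rank()` branch, so unknown-rank shapes are still accepted.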
    
  • tensorflow/python/kernel_tests/data_structures/list_ops_test.py (+9 -0, modified)
    @@ -1514,6 +1514,15 @@ def testConcatWithUninitializedTensorsFailsIfNoInputLengths(self):
           t = list_ops.tensor_list_concat(l, element_dtype=dtypes.float32)
           self.evaluate(t)
     
    +  @test_util.run_in_graph_and_eager_modes
    +  def testConcatWithInvalidElementShape(self):
    +    l = list_ops.tensor_list_reserve(
    +        element_dtype=dtypes.float32, element_shape=[], num_elements=0)
    +    with self.assertRaisesRegex((ValueError, errors.InvalidArgumentError),
    +                                r"element_shape must not be empty"):
    +      self.evaluate(gen_list_ops.tensor_list_concat(
    +          input_handle=l, element_dtype=dtypes.float32, element_shape=[]))
    +
       def testEmptyTensorListInvalidShape(self):
         with self.assertRaisesRegex((ValueError, errors.InvalidArgumentError),
                                     r"Shape must be at most rank 1 but is rank 2"):
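
Review bot: `testConcatWithInvalidElementShape` covers only a reserved list with `num_elements=0`, so it does not show that the guard also fires when the list holds tensors, or that an unknown-rank `element_shape` still passes. Consider adding a second case with `num_elements` greater than zero and a positive case for the unknown-rank path, so a later refactor of the `unknown_rank()` branch in the kernel cannot silently drop or over-extend the check.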
    
