VYPR
← All advisories
High severityNVD Advisory· Published Jan 3, 2024· Updated Jun 16, 2025

Stack overflow in paddle.linalg.lu_unpack

CVE-2023-52307

Description

Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0 can lead to denial of service or arbitrary code execution.

CVE-2023-52307 describes a stack overflow vulnerability in the paddle.linalg.lu_unpack function of PaddlePaddle, a deep learning framework. The flaw occurs when the function processes malformed pivot data from LU decomposition, lacking proper bounds checking [1][3]. In versions prior to 2.6.0, input validation was insufficient, allowing an attacker to supply crafted tensors that cause a stack overflow [2][3].

Exploitation requires the ability to call lu_unpack with manipulated inputs, which can be achieved through any application that uses PaddlePaddle and processes user-supplied data for LU decomposition. No authentication is needed if the function is exposed remotely, making it accessible to unauthenticated attackers [1][4].

The stack overflow can lead to a denial of service by crashing the application. The description notes the possibility of "even more damage" [1], which may include arbitrary code execution depending on the environment. The CVSS score and further analysis are pending [1].

The vulnerability is fixed in PaddlePaddle 2.6.0. Users should upgrade to this version or later. The fix adds explicit checks to ensure pivot values are within valid ranges, preventing the overflow [3]. As of January 2024, the CVE is not listed in CISA's Known Exploited Vulnerabilities catalog [4].

References
  1. NVD - CVE-2023-52307
  2. GitHub - PaddlePaddle/Paddle: PArallel Distributed Deep LEarning: Machine Learning Framework from Industrial Practice (『飞桨』核心框架,深度学习&机器学习高性能单机、分布式训练和跨平台部署)
  3. add lu_unpack data check (#56311) · PaddlePaddle/Paddle@6fdb316
  4. advisory-database/vulns/paddlepaddle/PYSEC-2024-139.yaml at main · pypa/advisory-database

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
PaddlePaddlePyPI
< 2.6.02.6.0

Affected products

2

Patches

1
6fdb316c8b0e

add lu_unpack data check (#56311)

https://github.com/PaddlePaddle/PaddlezhiboniuAug 17, 2023via ghsa
commit
3 files changed · +81 1
  • paddle/phi/kernels/impl/lu_kernel_impl.h+11 0 modified
    @@ -15,6 +15,7 @@
 #pragma once
 
 #include "paddle/phi/core/dense_tensor.h"
+#include "paddle/phi/core/enforce.h"
 #include "paddle/phi/kernels/elementwise_add_kernel.h"
 #include "paddle/phi/kernels/elementwise_subtract_kernel.h"
 #include "paddle/phi/kernels/funcs/complex_functors.h"
@@ -500,6 +501,16 @@ void Unpack_Pivot(const Context& dev_ctx,
     arange<Context>(dev_ctx, &idt, h);
     auto idlst = idt.data<int32_t>();
     for (int j = 0; j < Pnum; j++) {
+      PADDLE_ENFORCE_EQ(
+          (pdataptr[i * Pnum + j] > 0) && (pdataptr[i * Pnum + j] <= h),
+          true,
+          phi::errors::InvalidArgument(
+              "The data in Pivot must be between (1, x.shape[-2]],"
+              "but got %d in Pivot while the x.shape[-2] is %d."
+              "Please make sure that the inputs(x and Pivot) is the output of "
+              "paddle.linalg.lu.",
+              pdataptr[i * Pnum + j],
+              h));
       if (idlst[pdataptr[i * Pnum + j] - 1] == idlst[j]) continue;
       auto temp = idlst[j];
       idlst[j] = idlst[pdataptr[i * Pnum + j] - 1];
  • python/paddle/tensor/linalg.py+8 1 modified
    @@ -2433,7 +2433,14 @@ def lu_unpack(x, y, unpack_ludata=True, unpack_pivots=True, name=None):
 
             # one can verify : X = P @ L @ U ;
     """
-
+    if x.ndim < 2:
+        raise ValueError(
+            f"The shape of x should be (*, M, N), but received ndim is [{x.ndim} < 2]"
+        )
+    if y.ndim < 1:
+        raise ValueError(
+            f"The shape of Pivots should be (*, K), but received ndim is [{y.ndim} < 1]"
+        )
     if in_dynamic_mode():
         P, L, U = _C_ops.lu_unpack(x, y, unpack_ludata, unpack_pivots)
         return P, L, U
  • test/legacy_test/test_lu_unpack_op.py+62 0 modified
    @@ -315,6 +315,68 @@ def run_lu_static(shape, dtype):
             run_lu_static(tensor_shape, dtype)
 
 
+class TestLU_UnpackAPIError(unittest.TestCase):
+    def test_errors_1(self):
+        with paddle.fluid.dygraph.guard():
+            # The size of input in lu should not be 0.
+            def test_x_size():
+                x = paddle.to_tensor(
+                    np.random.uniform(-6666666, 100000000, [2]).astype(
+                        np.float32
+                    )
+                )
+                y = paddle.to_tensor(
+                    np.random.uniform(-2147483648, 2147483647, [2]).astype(
+                        np.int32
+                    )
+                )
+                unpack_ludata = True
+                unpack_pivots = True
+                paddle.linalg.lu_unpack(x, y, unpack_ludata, unpack_pivots)
+
+            self.assertRaises(ValueError, test_x_size)
+
+    def test_errors_2(self):
+        with paddle.fluid.dygraph.guard():
+            # The size of input in lu should not be 0.
+            def test_y_size():
+                x = paddle.to_tensor(
+                    np.random.uniform(-6666666, 100000000, [8, 4, 2]).astype(
+                        np.float32
+                    )
+                )
+                y = paddle.to_tensor(
+                    np.random.uniform(-2147483648, 2147483647, []).astype(
+                        np.int32
+                    )
+                )
+                unpack_ludata = True
+                unpack_pivots = True
+                paddle.linalg.lu_unpack(x, y, unpack_ludata, unpack_pivots)
+
+            self.assertRaises(ValueError, test_y_size)
+
+    def test_errors_3(self):
+        with paddle.fluid.dygraph.guard():
+            # The size of input in lu should not be 0.
+            def test_y_data():
+                x = paddle.to_tensor(
+                    np.random.uniform(-6666666, 100000000, [8, 4, 2]).astype(
+                        np.float32
+                    )
+                )
+                y = paddle.to_tensor(
+                    np.random.uniform(-2147483648, 2147483647, [8, 2]).astype(
+                        np.int32
+                    )
+                )
+                unpack_ludata = True
+                unpack_pivots = True
+                paddle.linalg.lu_unpack(x, y, unpack_ludata, unpack_pivots)
+
+            self.assertRaises(Exception, test_y_data)
+
+
 if __name__ == "__main__":
     paddle.enable_static()
     unittest.main()

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.