TensorFlow is a popular open source platform for machine learning, extensively used across various industries and research domains. Recently, a concerning vulnerability was identified, which could lead to a Denial of Service (DoS) attack by causing a segmentation fault. The issue lies in the tf.raw_ops.TensorListConcat function, which does not properly handle cases where element_shape=[]. In this post, we will dive into the details of this vulnerability, including the code snippet that triggers it and the relevant details of the exploit. We will also provide you with links to the original references and updates on the fix.

The issue can be triggered using the following code snippet

import tensorflow as tf

# Trigger the vulnerability
input_tensor = tf.constant([], dtype=tf.int32)
element_shape = tf.TensorShape([])
tensor_list = tf.raw_ops.EmptyTensorList(element_dtype=tf.int32, element_shape=element_shape)

result_tensor = tf.raw_ops.TensorListConcat(input_tensor, tensor_list)

When executed, this code snippet will result in a segmentation fault, due to the incorrect handling of the empty element_shape.

Exploit Details

The root cause of this vulnerability is a failure to properly check the dimensions of element_shape in the tf.raw_ops.TensorListConcat function. When provided with an empty element_shape, the function does not perform adequate validation, which leads to a segmentation fault. As a result, an attacker can exploit this vulnerability to conduct a Denial of Service attack, crashing the TensorFlow application.

Original References

You can find more details about the vulnerability and the proposed fix in the following GitHub commit:

- fc33f3dc4c14051a83eec6535b608abe1d355fde

This commit contains the necessary changes to address the vulnerability, and it will be integrated into TensorFlow 2.11.

Patch and Future Releases

The TensorFlow team has patched this issue in the mentioned commit (fc33f3dc4c14051a83eec6535b608abe1d355fde), and it will be included in the upcoming TensorFlow 2.11 release. Additionally, the team is planning to cherrypick this commit for TensorFlow versions 2.10.1, 2.9.3, and 2.8.4, as these are also affected by this vulnerability and are still within the supported range.

While waiting for the official patched releases, users can apply the changes from the commit linked above to their local TensorFlow installation, mitigating the issue.


In summary, a critical vulnerability (CVE-2022-41891) has been identified in TensorFlow, which could lead to Denial of Service attacks through a segmentation fault. The issue lies in the tf.raw_ops.TensorListConcat function and can be triggered when it is provided with an empty element_shape. A patch for the vulnerability has been created, and it will be included in the upcoming TensorFlow 2.11 release, as well as cherrypicked for versions 2.10.1, 2.9.3, and 2.8.4. Users are encouraged to keep an eye out for the official patched releases and to apply the patch as soon as possible to mitigate the risk.


Published on: 11/18/2022 22:15:00 UTC
Last modified on: 11/22/2022 21:36:00 UTC