TensorFlow
cpe:2.3:a:tensorflow:tensorflow:*:*:*:*:*:*:*
- <= 2.18.0
A vulnerability in TensorFlow version 2.18.0 causes the Embedding layer to produce random output when compiled with XLA, resulting in unexpected application behavior. This issue has been acknowledged by the TensorFlow community.
The vulnerability introduces silent incorrectness, where the model outputs erroneous results without any indication of an error, potentially leading to harmful decisions in application logic.
The vulnerability can be reproduced by creating a TensorFlow model that includes an Embedding layer and compiling it with XLA. When the model is run, it will output random values instead of the expected result. This behavior can be observed by comparing the output of an uncompiled model with one that has been compiled with XLA, using the same input.
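The comparison described above can be turned into a regression check. The following is an added example, not code from this advisory or from the TensorFlow project; the function names, table size and ids are assumptions. It goes one step beyond the eager-versus-XLA comparison by checking each output row against the embedding table itself, since a lookup must return the stored row unchanged.

```python
import math


def embedding_mismatches(table, ids, output, atol=1e-6):
    """Return (position, token_id) pairs whose output row is not table[token_id].

    An embedding lookup is a pure gather, so every output row must equal the
    table row its id selects. NaN values and missing rows count as mismatches.
    """
    bad = []
    for pos, tok in enumerate(ids):
        row = output[pos] if pos < len(output) else None
        expected = table[tok]
        ok = row is not None and len(row) == len(expected) and all(
            math.isclose(a, b, rel_tol=0.0, abs_tol=atol)
            for a, b in zip(row, expected)
        )
        if not ok:
            bad.append((pos, tok))
    return bad


def check_tensorflow_embedding(vocab=16, dim=4, ids=(0, 3, 3, 15, 7)):
    """Run one lookup eagerly and under XLA; return the mismatches per path.

    Sizes and ids are constructed sample values. Returns None when
    TensorFlow is not installed.
    """
    try:
        import tensorflow as tf
    except ImportError:
        return None
    layer = tf.keras.layers.Embedding(vocab, dim)
    x = tf.constant([list(ids)])  # batch holding one sequence

    @tf.function(jit_compile=True)
    def compiled(t):
        return layer(t)

    eager = layer(x)[0].numpy().tolist()  # eager call also builds the layer
    table = layer.get_weights()[0].tolist()
    xla = compiled(x)[0].numpy().tolist()
    return {
        "eager": embedding_mismatches(table, ids, eager),
        "xla": embedding_mismatches(table, ids, xla),
    }


if __name__ == "__main__":
    print(check_tensorflow_embedding())
```

An empty list for both paths means the lookup is intact; entries under "xla" only indicate that the compiled path diverges from the stored weights.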