## PDSA-2023-007: FPE in paddle.linalg.matrix_rank

### CVE Number

CVE-2023-38675

### Impact

When `x` dim calculates `rows` or `cols` to 0, `paddle.linalg.matrix_rank` triggers FPE by `numel / (rows * cols)`. The PoC is as follows:

```python
import paddle
import numpy as np

x = np.random.uniform(0,0,[0,0,0,0,0]).astype(np.float32)
x = paddle.to_tensor(x)
paddle.linalg.matrix_rank(x)
```

### Patches

We have patched the issue in commit [9bb6c669206c4bcc3ce3f6daf8a55650e190c1a1](https://github.com/PaddlePaddle/Paddle/pull/55644/commits/9bb6c669206c4bcc3ce3f6daf8a55650e190c1a1).
The fix will be included in PaddlePaddle 2.6.0.

### For more information

Please consult [our security guide](../../SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

### Attribution

This vulnerability has been reported by Tong Liu of ShanghaiTech University.