-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from processing empty tensors in eigenvalue computations. The commit diff shows a critical check 'PADDLE_ENFORCE_GT(x.numel(), 0)' was added to EigKernel in paddle/phi/kernels/cpu/eig_kernel.cc. This matches the CWE-369 (Divide By Zero) description and the advisory's PoC using a tensor with a 0-sized dimension. The absence of this check in pre-2.6.0 versions directly caused the FPE vulnerability.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| paddlepaddle | pip | < 2.6.0 | 2.6.0 |