PT-2022-15064 · Google · Tensorflow

Yu Tian · Published 2022-02-03 · Updated 2024-03-06 · CVE-2022-21725

CVSS v4.0: 6.8 (Medium)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.8.0
TensorFlow versions 2.7.1 and earlier
TensorFlow versions 2.6.3 and earlier
TensorFlow versions 2.5.3 and earlier

Description

The estimator for the cost of some convolution operations in TensorFlow can be made to execute a division by 0 due to a failure to check that the stride argument is strictly positive. This issue can be exploited by providing a stride argument of 0. The function GetOutputSize is vulnerable due to its calculation of output shape. For example, the strides argument in the tf.raw_ops.AvgPoolGrad function can be set to [1,1,1,0] to trigger the division by 0.

Recommendations

For TensorFlow versions prior to 2.8.0, update to version 2.8.0 or later to resolve the issue. For TensorFlow versions 2.7.1 and earlier, update to version 2.7.1 or later to resolve the issue. For TensorFlow versions 2.6.3 and earlier, update to version 2.6.3 or later to resolve the issue. For TensorFlow versions 2.5.3 and earlier, update to version 2.5.3 or later to resolve the issue. As a temporary workaround, consider adding a check for the strides argument to ensure it is valid before passing it to the tf.raw_ops.AvgPoolGrad function.
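
One way to implement the temporary workaround, as an added example (not TensorFlow's or this advisory's code): a guard that rejects non-positive ksize/strides before they reach the op. The helper names and the output-size model are assumptions for illustration; the real op (for example tf.raw_ops.AvgPoolGrad) is passed in as a callable so the block runs without TensorFlow installed.

```python
from numbers import Integral


def validate_window_args(ksize, strides, rank=4):
    """Return (ksize, strides) as int tuples, or raise ValueError."""
    checked = []
    for name, value in (("ksize", ksize), ("strides", strides)):
        items = tuple(value)
        if len(items) != rank:
            raise ValueError(f"{name} must have {rank} elements, got {len(items)}")
        for i, v in enumerate(items):
            # bool is an Integral subclass in Python; reject it explicitly.
            if isinstance(v, bool) or not isinstance(v, Integral):
                raise ValueError(f"{name}[{i}] must be an integer, got {v!r}")
            if v <= 0:
                raise ValueError(f"{name}[{i}] must be strictly positive, got {v}")
        checked.append(tuple(int(v) for v in items))
    return checked[0], checked[1]


def output_size(input_size, filter_size, stride, padding):
    """Simplified model (assumed formula) of windowed output-size arithmetic.

    The division by `stride` is the step that fails when stride is 0,
    so the precondition is enforced before dividing.
    """
    if stride <= 0:
        raise ValueError("stride must be strictly positive")
    if padding == "VALID":
        return (input_size - filter_size + stride) // stride
    if padding == "SAME":
        return (input_size + stride - 1) // stride
    raise ValueError(f"unknown padding {padding!r}")


def safe_avg_pool_grad(avg_pool_grad, orig_input_shape, grad, ksize, strides, padding):
    """Validate the window arguments, then forward to the op passed in."""
    ksize, strides = validate_window_args(ksize, strides)
    return avg_pool_grad(orig_input_shape=orig_input_shape, grad=grad,
                         ksize=list(ksize), strides=list(strides), padding=padding)
```

On an unpatched version, call safe_avg_pool_grad(tf.raw_ops.AvgPoolGrad, ...) instead of the op directly; the strides value [1,1,1,0] from the description is rejected with ValueError before the op runs.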

Exploit

Fix

Divide By Zero

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2022-21725
CVE-2022-21725
GHSA-V3F7-J968-4H5F
OPENSUSE-SU-2024:12116-1
PYSEC-2022-104
PYSEC-2022-49

Affected Products

Tensorflow