PT-2022-16085 · Google · Tensorflow

Faysal Hossain Shezan · Published 2022-02-03 · Updated 2024-03-06 · CVE-2022-23569

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.8.0
TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected

Description

Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails (i.e., assertion failures). This issue is similar to previous instances and has similar fixes. The reported issues have been patched in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow, and fixes will be issued as these are discovered.

Recommendations

For versions prior to 2.8.0, update to TensorFlow 2.8.0 to resolve the issue. For versions 2.7.1, 2.6.3, and 2.5.3, update to a newer version that includes the cherry-picked commit. As a temporary workaround, consider disabling the CHECK-fails (i.e., assertion failures) until a patch is available.

Exploit

Fix

Assertion Failure

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2022-23569
CVE-2022-23569
GHSA-QJ5R-F9MV-RFFH
OPENSUSE-SU-2024:12116-1
PYSEC-2022-133
PYSEC-2022-78

Affected Products

Tensorflow