PT-2022-19444 · Google · Tensorflow

Neophytos Christou · Published 2022-05-20 · Updated 2024-03-06 · CVE-2022-29192

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.9.0
TensorFlow versions prior to 2.8.1
TensorFlow versions prior to 2.7.2
TensorFlow versions prior to 2.6.4
Description

The implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad does not fully validate its input arguments, resulting in a CHECK failure (which aborts the process) that can be used to trigger a denial of service. The issue is due to the missing validation of the input_min and input_max arguments, which are assumed to be scalars but are not checked. This can be exploited by passing invalid input to the tf.raw_ops.QuantizeAndDequantizeV4Grad function.
Recommendations

For versions prior to 2.9.0, update to version 2.9.0 or later.
For versions prior to 2.8.1, update to version 2.8.1 or later.
For versions prior to 2.7.2, update to version 2.7.2 or later.
For versions prior to 2.6.4, update to version 2.6.4 or later.
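The missing check described above, as an added example that is not TensorFlow's own code: a small stand-in for the Tensor/OP_REQUIRES machinery shows why an unchecked scalar accessor turns a bad request into a process abort, and how validating input_min and input_max up front returns an error status for the op instead. The Tensor, Status and GradOut types, and the gradient semantics (pass-through inside [min, max], routed to the bound outside it), are assumptions for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>
// Hypothetical stand-ins for TensorFlow's TensorShape and Tensor (not TF's code).
using Shape = std::vector<int64_t>;  // list of dims; an empty list means scalar

struct Tensor {
  Shape shape;
  std::vector<float> data;
  // Models Tensor::scalar<T>(): in TensorFlow this accessor is CHECK-guarded,
  // so a non-scalar tensor aborts the whole process, not just this op (the DoS).
  float scalar() const {
    if (!shape.empty()) { std::fprintf(stderr, "Check failed: IsScalar()\n"); std::abort(); }
    return data.at(0);
  }
};

struct Status { bool ok; std::string msg; };
struct GradOut { std::vector<float> input_grad; float min_grad; float max_grad; };

// The validation the unfixed kernel lacked: reject non-scalar input_min/input_max
// with an error status (the OP_REQUIRES pattern) before scalar() can hit its CHECK.
Status ValidateScalarRange(const Tensor& input_min, const Tensor& input_max) {
  if (!input_min.shape.empty())
    return {false, "input_min must be a scalar, got rank " + std::to_string(input_min.shape.size())};
  if (!input_max.shape.empty())
    return {false, "input_max must be a scalar, got rank " + std::to_string(input_max.shape.size())};
  return {true, ""};
}

// Gradient of the quantize-and-dequantize clamp (assumed semantics): pass the gradient
// through for inputs inside [min, max]; outside, route it to the min or max bound.
Status QuantizeAndDequantizeGrad(const std::vector<float>& grad, const std::vector<float>& input,
                                 const Tensor& input_min, const Tensor& input_max, GradOut* out) {
  Status s = ValidateScalarRange(input_min, input_max);
  if (!s.ok) return s;
  if (grad.size() != input.size()) return {false, "gradients and input must have the same shape"};
  const float lo = input_min.scalar(), hi = input_max.scalar();  // safe: validated above
  *out = {std::vector<float>(input.size(), 0.0f), 0.0f, 0.0f};
  for (std::size_t i = 0; i < input.size(); ++i) {
    if (input[i] < lo)      out->min_grad += grad[i];
    else if (input[i] > hi) out->max_grad += grad[i];
    else                    out->input_grad[i] = grad[i];
  }
  return {true, ""};
}
```

With the validation in place, a caller that supplies a rank-1 input_min gets an error status back and the process keeps serving; without it, the same input would reach the CHECK inside scalar().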

Related Identifiers

BIT-TENSORFLOW-2022-29192
CVE-2022-29192
GHSA-H2WQ-PRV9-2F56

Affected Products

Tensorflow