CVE-2022-29195

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4

Description The implementation of tf.raw ops.StagePeek does not fully validate the input arguments, resulting in a CHECK-failure that can be used to trigger a denial of service attack. The code assumes index is a scalar but there is no validation for this before accessing its value.

Recommendations For versions prior to 2.9.0, update to version 2.9.0 or later. For versions prior to 2.8.1, update to version 2.8.1 or later. For versions prior to 2.7.2, update to version 2.7.2 or later. For versions prior to 2.6.4, update to version 2.6.4 or later. As a temporary workaround, consider disabling the tf.raw ops.StagePeek function until a patch is available. Restrict access to the tf.raw ops.StagePeek function to minimize the risk of exploitation. Avoid using the index variable in the affected API endpoint until the issue is resolved.