CVE-2022-35960

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier

Description The issue arises in core/kernels/list kernels.cc's TensorListReserve where num elements is assumed to be a tensor of size 1. When a num elements of more than 1 element is provided, then tf.raw ops.TensorListReserve fails the CHECK EQ in CheckIsAlignedAndSingleElement. This vulnerability has been reported by Kang Hong Jin from Singapore Management University.

Recommendations For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of tf.raw ops.TensorListReserve with num elements of more than 1 element until a patch is available.