CVE-2022-35968

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier

Description The implementation of AvgPoolGrad does not fully validate the input orig input shape. This results in a CHECK failure which can be used to trigger a denial of service attack.

Recommendations For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider disabling the AvgPoolGrad function until a patch is available.

Exploit

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

BIT-TENSORFLOW-2022-35968

CVE-2022-35968

GHSA-2475-53VW-VP25

OPENSUSE-SU-2024:12355-1

Affected Products

Tensorflow

CVE-2022-35968

Weakness Enumeration

Related Identifiers

Affected Products

References · 10