PT-2022-23072 · Google · Tensorflow

Neophytos Christou · Published 2022-09-16 · Updated 2024-03-06 · CVE-2022-35973

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.10.0
TensorFlow versions 2.9.1, 2.8.1, and 2.7.2

Description

The issue arises when QuantizedMatMul is given nonscalar input for min_a, max_a, min_b, or max_b. This can trigger a segfault, leading to a denial of service attack.

Recommendations

For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later.
For TensorFlow versions 2.9.1, 2.8.1, and 2.7.2, update to the respective patched versions.
As a temporary workaround, consider avoiding the use of QuantizedMatMul with nonscalar input for min_a, max_a, min_b, or max_b until a patch is available.

Weakness Enumeration

Related Identifiers

BIT-TENSORFLOW-2022-35973
CVE-2022-35973
GHSA-689C-R7H2-FV9V
OPENSUSE-SU-2024:12355-1

Affected Products

Tensorflow