PT-2022-23079 · Google · Tensorflow

Neophytos Christou · Published 2022-09-16 · Updated 2024-03-06 · CVE-2022-35981

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.10.0
TensorFlow versions 2.9.1 and earlier
TensorFlow versions 2.8.1 and earlier
TensorFlow versions 2.7.2 and earlier
Description

The issue is in the FractionalMaxPoolGrad kernel, which validates its inputs with CHECK failures instead of returning errors. If it receives incorrectly sized inputs, the CHECK failure aborts the process and can therefore be used to trigger a denial of service. This can be achieved by passing specifically chosen values for the inputs of tf.raw_ops.FractionalMaxPoolGrad: orig_input, orig_output, out_backprop, row_pooling_sequence and col_pooling_sequence. The estimated number of potentially affected devices is not provided.
Recommendations

For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later.
For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later.
For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later.
For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later.

As a temporary workaround, consider avoiding the use of the FractionalMaxPoolGrad function until a patch is available.
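
The description above comes down to operand shapes that the vulnerable kernel checked with CHECK (process abort) rather than an error return. The following is an added example, not code from the advisory or from the TensorFlow project: it enforces the op's shape invariants in Python before the raw op is invoked, so a malformed call raises ValueError instead of crashing the process. Shapes are plain lists so it runs without TensorFlow; the invariants (rank-4 NHWC tensors, out_backprop shaped like orig_output, pooling sequences of length out_dim + 1 running non-decreasingly from 0 to the input dim) and the checked_fractional_max_pool_grad wrapper are assumptions drawn from the op's documented semantics, not the project's own fix.

```python
# Added example (not from the advisory or TensorFlow). Invariants below are
# assumptions from the documented semantics of tf.raw_ops.FractionalMaxPoolGrad.

def validate_fmp_grad_shapes(orig_input, orig_output, out_backprop,
                             row_pooling_sequence, col_pooling_sequence):
    """Return a list of violations; an empty list means the call is well-formed."""
    problems = []
    for name, shape in (("orig_input", orig_input), ("orig_output", orig_output),
                        ("out_backprop", out_backprop)):
        shape = [int(d) for d in shape]
        if len(shape) != 4:
            problems.append(f"{name}: expected rank 4, got rank {len(shape)}")
        elif min(shape) <= 0:
            problems.append(f"{name}: empty tensor with shape {shape}")
    if problems:
        return problems  # rank/emptiness errors make the remaining checks moot
    orig_input, orig_output, out_backprop = (
        [int(d) for d in s] for s in (orig_input, orig_output, out_backprop))
    if out_backprop != orig_output:
        problems.append(f"out_backprop {out_backprop} != orig_output {orig_output}")
    if orig_input[0] != orig_output[0] or orig_input[3] != orig_output[3]:
        problems.append("batch/channel dims of orig_input and orig_output differ")
    # Each pooling sequence has out_dim + 1 cumulative boundaries from 0 to in_dim.
    for name, seq, out_dim, in_dim in (
            ("row_pooling_sequence", row_pooling_sequence, orig_output[1], orig_input[1]),
            ("col_pooling_sequence", col_pooling_sequence, orig_output[2], orig_input[2])):
        seq = [int(v) for v in seq]
        if len(seq) != out_dim + 1:
            problems.append(f"{name}: expected length {out_dim + 1}, got {len(seq)}")
        elif seq[0] != 0 or seq[-1] != in_dim or any(a > b for a, b in zip(seq, seq[1:])):
            problems.append(f"{name}: must run non-decreasingly from 0 to {in_dim}, got {seq}")
    return problems


def checked_fractional_max_pool_grad(op, **kwargs):
    """Assumed wrapper: call `op` (e.g. tf.raw_ops.FractionalMaxPoolGrad) only
    after its operands pass validation; otherwise raise instead of aborting."""
    problems = validate_fmp_grad_shapes(
        kwargs["orig_input"].shape, kwargs["orig_output"].shape,
        kwargs["out_backprop"].shape,
        kwargs["row_pooling_sequence"], kwargs["col_pooling_sequence"])
    if problems:
        raise ValueError("refusing FractionalMaxPoolGrad: " + "; ".join(problems))
    return op(**kwargs)
```

On an unpatched build this turns the crash into a catchable exception at the call site; it is a call-site guard, not a replacement for updating to a fixed release.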

Weakness Enumeration

Assertion Failure

Related Identifiers

BIT-TENSORFLOW-2022-35981
CVE-2022-35981
GHSA-VXV8-R8Q2-63XW
OPENSUSE-SU-2024:12355-1

Affected Products

Tensorflow