CVE-2022-35983

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier

Description The issue occurs when Save or SaveSlices is run over tensors of an unsupported dtype, resulting in a CHECK fail that can be used to trigger a denial of service attack. This can happen when using the tf.raw ops.Save or tf.raw ops.SaveSlices functions with specific parameters, such as filename, tensor names, data, shapes and slices.

Recommendations For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of Save or SaveSlices functions with unsupported dtype until a patch is available.