CVE-2022-35988

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier

Description The issue occurs when the tf.linalg.matrix rank function receives an empty input a, causing the GPU kernel to give a CHECK fail that can be used to trigger a denial of service attack. This can be achieved by passing an empty tensor to the tf.linalg.matrix rank function, such as tf.constant([], shape=[0, 1, 1], dtype=tf.float32).

Recommendations For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of the tf.linalg.matrix rank function with empty inputs until a patch is available.