CVE-2022-35989

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier

Description The issue occurs when the MaxPool function receives a window size input array ksize with dimensions greater than its input tensor input, causing the GPU kernel to give a CHECK fail that can be used to trigger a denial of service attack. There are no known workarounds for this issue.

Recommendations For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of the MaxPool function with window size input arrays ksize that have dimensions greater than the input tensor input until a patch is available.