CVE-2022-35999

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.0 through 2.9.0 TensorFlow versions 2.8.0 through 2.8.0 TensorFlow versions 2.7.0 through 2.7.1

Description The issue occurs when Conv2DBackpropInput receives empty out backprop inputs, causing the current CPU/GPU kernels CHECK to fail. This can be used to trigger a denial of service attack. The estimated number of potentially affected devices is not provided.

Recommendations For TensorFlow versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For TensorFlow versions 2.9.0, update to TensorFlow 2.9.1 or later. For TensorFlow versions 2.8.0, update to TensorFlow 2.8.1 or later. For TensorFlow versions 2.7.0 through 2.7.1, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of empty out backprop inputs in the Conv2DBackpropInput function until a patch is available.