CVE-2022-36000

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier

Description The issue arises when mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, resulting in a null dereference. Additionally, the Eig function can be fed an incorrect Tout input, leading to a CHECK fail that can trigger a denial of service attack. The Eig function is vulnerable when given specific inputs, such as arg 0 with a shape of (2, 2) and arg 1 set to tf.complex128. There are no known workarounds for this issue.

Recommendations For TensorFlow versions prior to 2.10.0, update to TensorFlow 2.10.0 or later to resolve the issue. For TensorFlow versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later to resolve the issue. For TensorFlow versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later to resolve the issue. For TensorFlow versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the Eig function with incorrect Tout inputs until a patch is available.