CVE-2022-36002

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier

Description The issue occurs when the Unbatch function receives a nonscalar input id, resulting in a CHECK fail that can trigger a denial of service attack. This can happen when the Unbatch function is called with specific arguments, such as batched tensor, batch index, and id. The estimated number of potentially affected devices worldwide is not available. There are no known real-world incidents where this issue was exploited.

Recommendations For versions prior to 2.10.0, update to TensorFlow 2.10.0 or later. For versions 2.9.1 and earlier, update to TensorFlow 2.9.1 or later. For versions 2.8.1 and earlier, update to TensorFlow 2.8.1 or later. For versions 2.7.2 and earlier, update to TensorFlow 2.7.2 or later. As a temporary workaround, consider avoiding the use of the Unbatch function with nonscalar input id until a patch is available. Restrict access to the Unbatch function to minimize the risk of exploitation.