CVE-2022-36027

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier

Description The issue occurs when converting transposed convolutions using per-channel weight quantization, causing the converter to segfault and crash the Python process. This happens due to a problem in the converter when handling specific types of quantized layers. The estimated number of potentially affected devices is not provided. There are no known real-world incidents where this issue was exploited.

Recommendations For TensorFlow versions prior to 2.10.0, update to version 2.10.0 or later to resolve the issue. For TensorFlow versions 2.9.1 and earlier, update to version 2.9.1 or later to resolve the issue. For TensorFlow versions 2.8.1 and earlier, update to version 2.8.1 or later to resolve the issue. For TensorFlow versions 2.7.2 and earlier, update to version 2.7.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of per-channel weight quantization with transposed convolutions until a patch is available.