PT-2022-26116 · Google · Tensorflow
Neophytos Christou · Published 2022-11-18 · Updated 2024-03-06
CVE-2022-41885
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.11
TensorFlow versions 2.10.1, 2.9.3, and 2.8.4
Description
TensorFlow is an open source platform for machine learning. When tf.raw_ops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows.
Recommendations
For TensorFlow versions prior to 2.11, update to version 2.11 or later.
For TensorFlow versions 2.10.1, 2.9.3, and 2.8.4, apply the patch from GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce.
As a temporary workaround, consider avoiding the use of tf.raw_ops.FusedResizeAndPadConv2D with large tensor shapes until the issue is resolved.
Exploit
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Tensorflow