CVE-2022-41891

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1 and earlier TensorFlow versions 2.9.3 and earlier TensorFlow versions 2.8.4 and earlier

Description The issue results in a segmentation fault when tf.raw ops.TensorListConcat is given element shape=[], which can be used to trigger a denial of service attack. This can be achieved by providing an empty element shape to the tf.raw ops.TensorListConcat function, as shown in the example code. The estimated number of potentially affected devices is not specified.

Recommendations For versions prior to 2.11, update to TensorFlow 2.11 or later. For versions 2.10.1 and earlier, update to TensorFlow 2.10.1 or later, or apply the patch from GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. For versions 2.9.3 and earlier, update to TensorFlow 2.9.3 or later, or apply the patch from GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. For versions 2.8.4 and earlier, update to TensorFlow 2.8.4 or later, or apply the patch from GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. As a temporary workaround, consider avoiding the use of tf.raw ops.TensorListConcat with an empty element shape until the issue is resolved.