CVE-2022-41898

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.11 TensorFlow versions 2.10.1 and earlier TensorFlow versions 2.9.3 and earlier TensorFlow versions 2.8.4 and earlier

Description The issue occurs when the SparseFillEmptyRowsGrad function is given empty inputs, causing TensorFlow to crash. This can be triggered by calling tf.raw ops.SparseFillEmptyRowsGrad with empty reverse index map and grad values lists. The estimated number of potentially affected devices is not specified.

Recommendations For versions prior to 2.11, update to TensorFlow 2.11 or later. For versions 2.10.1 and earlier, update to TensorFlow 2.10.1 or later, or apply the patch from GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. For versions 2.9.3 and earlier, update to TensorFlow 2.9.3 or later, or apply the patch from GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. For versions 2.8.4 and earlier, update to TensorFlow 2.8.4 or later, or apply the patch from GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. As a temporary workaround, consider avoiding the use of the SparseFillEmptyRowsGrad function with empty inputs until a patch is applied.