PT-2022-26133 · Google · Tensorflow
Kang Hong Jin
·
Published
2022-11-18
·
Updated
2024-03-06
·
CVE-2022-41901
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.11
TensorFlow version 2.10.1
TensorFlow version 2.9.3
TensorFlow version 2.8.4
Description
TensorFlow is an open source platform for machine learning. An input
sparse matrix that is not a matrix with a shape with rank 0 will trigger a CHECK fail in tf.raw ops.SparseMatrixNNZ.Recommendations
For TensorFlow versions prior to 2.11, update to version 2.11 or later.
For TensorFlow version 2.10.1, apply the patch from GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693 or update to a later version.
For TensorFlow version 2.9.3, apply the patch from GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693 or update to a later version.
For TensorFlow version 2.8.4, apply the patch from GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693 or update to a later version.
Exploit
Fix
Assertion Failure
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tensorflow