PT-2023-20316 · Google · Tensorflow
Dmc1778 · Published 2023-03-24 · Updated 2024-03-06 · CVE-2023-25801
CVSS v3.1: 8.0 High
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.12.0 and 2.11.1
Description
The issue concerns the nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2 functions, which require the first and fourth elements of their pooling_ratio parameter to be equal to 1.0, as pooling on batch and channel dimensions is not supported.
Recommendations
For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue.
For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue.
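Where an upgrade cannot be rolled out immediately, call sites can be audited against the pooling_ratio constraint stated in the description. The following static check is an added example, not part of this advisory or of TensorFlow; the function names ratio_ok and audit and the sample source are constructed for illustration, and the check assumes pooling_ratio is passed as the second positional argument or by keyword.

```python
import ast

# Callee name prefixes to audit; covers the *_v2 names used in the advisory.
TARGETS = ("fractional_avg_pool", "fractional_max_pool")

def ratio_ok(ratio):
    """True when a 4-element pooling_ratio keeps batch and channel at 1.0."""
    return len(ratio) == 4 and ratio[0] == 1.0 and ratio[3] == 1.0

def _callee(node):
    f = node.func
    return f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", "")

def audit(source):
    """Return (lineno, callee, verdict) for every fractional pooling call."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not _callee(node).startswith(TARGETS):
            continue
        # Assumption: pooling_ratio is the keyword or the second positional arg.
        arg = next((k.value for k in node.keywords if k.arg == "pooling_ratio"),
                   node.args[1] if len(node.args) > 1 else None)
        try:
            ratio = ast.literal_eval(arg)
            verdict = "ok" if ratio_ok(ratio) else "violation"
        except (ValueError, TypeError, SyntaxError):
            verdict = "review"  # not a literal 4-element list; check at runtime
        findings.append((node.lineno, _callee(node), verdict))
    return sorted(findings)

# Constructed sample source; it is only parsed, never executed or imported.
SAMPLE = '''\
import tensorflow as tf
a = tf.nn.fractional_max_pool(x, [1.0, 1.44, 1.73, 1.0])
b = tf.nn.fractional_avg_pool(x, pooling_ratio=[2.0, 1.44, 1.73, 1.0])
c = nn_ops.fractional_max_pool_v2(x, ratio_from_config)
'''

if __name__ == "__main__":
    for lineno, name, verdict in audit(SAMPLE):
        print(f"line {lineno}: {name}: {verdict}")
```

Calls reported as "review" take their ratio from a variable, so the same ratio_ok check has to be applied to the value at runtime before it reaches the pooling function.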
As a temporary workaround, consider restricting the use of the nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2 functions until a patch is available, by ensuring the first and fourth elements of the pooling_ratio parameter are set to 1.0.
Exploit
Fix
Double Free
Weakness Enumeration
Related Identifiers
Affected Products
Tensorflow