CVE-2022-35952

MEDIUM

TensorFlow - Memory Corruption

Title source: llm

Description

TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

References (3)

Core 3

Core References

Patch, Third Party Advisory x_refsource_confirm

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47

Patch, Third Party Advisory x_refsource_misc

https://github.com/tensorflow/tensorflow/commit/5f945fc6409a3c1e90d6970c9292f805f6e6ddf2

View Patch ZIP pw:eip

Third Party Advisory x_refsource_misc

https://github.com/tensorflow/tensorflow/blob/769eddaf479c8debead9a59a72617d6ed6f0fe10/tensorflow/core/kernels/batch_kernels.cc#L891

View Writeup ZIP pw:eip

Scores

CVSS v3 5.9

EPSS 0.0022

EPSS Percentile 44.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-617

Status published

Products (5)

google/tensorflow 2.10 rc0 (4 CPE variants)

google/tensorflow 2.7.0 - 2.7.2

pypi/tensorflow 0 - 2.7.2PyPI

pypi/tensorflow-cpu 0 - 2.7.2PyPI

pypi/tensorflow-gpu 0 - 2.7.2PyPI

Published Sep 16, 2022

Tracked Since Feb 18, 2026