Lucene search
PRIOn knowledge basePRION:CVE-2022-35960HistorySep 16, 2022 - 8:15 p.m.
Stack overflow
2022-09-1620:15:00
PRIOn knowledge base
www.prio-n.com
2
tensorflow
machine learning
security patch
vulnerability
github commit
tensorflow 2.10.0
tensorflow 2.9.1
tensorflow 2.8.1
tensorflow 2.7.2
nvd
0.001 Low
EPSS
Percentile
40.3%
TensorFlow is an open source platform for machine learning. In core/kernels/list_kernels.cc's TensorListReserve, num_elements is assumed to be a tensor of size 1. When a num_elements of more than 1 element is provided, then tf.raw_ops.TensorListReserve fails the CHECK_EQ in CheckIsAlignedAndSingleElement. We have patched the issue in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | eq | 2.8.0 | |
| tensorflow | ge | 2.7.0 | |
| tensorflow | lt | 2.7.2 | |
| tensorflow | eq | 2.10 rc1 | |
| tensorflow | eq | 2.10 rc2 | |
| tensorflow | eq | 2.10 rc3 | |
| tensorflow | eq | 2.10 rc0 | |
| tensorflow | eq | 2.9.0 |
Related
osv
osv
TensorFlow vulnerable to `CHECK` failure in `TensorListReserve` via missing validation
2022-09-16 22:11:18
BIT-tensorflow-2022-35960
2024-03-06 11:13:59
CVE-2022-35960
2022-09-16 20:15:10
nvd
nvd
CVE-2022-35960
2022-09-16 20:15:10
veracode
veracode
Denial Of Service (DoS)
2022-09-20 11:18:12
cve
cve
CVE-2022-35960
2022-09-16 20:15:10
cnvd
cnvd
Google TensorFlow Denial of Service Vulnerability (CNVD-2023-15783)
2022-09-20 00:00:00
github
github
cvelist
cvelist
CVE-2022-35960 `CHECK` failure in `TensorListReserve` in TensorFlow
2022-09-16 20:00:15
