CVE-2022-29191
published 2022-05-20CVE-2022-29191: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tensorflow | — | — |
| tensorflow | < 2.6.4 | 2.6.4 | |
| tensorflow | — | — | |
| tensorflow | >= 2.7.0 < 2.7.2 | 2.7.2 | |
| tensorflow | >= 2.8.0 < 2.8.1 | 2.8.1 | |
| intel | optimization_for_tensorflow | >= 0 < 2.6.4 | 2.6.4 |
| intel | optimization_for_tensorflow | >= 2.7.0 < 2.7.2 | 2.7.2 |
| intel | optimization_for_tensorflow | >= 2.8.0 < 2.8.1 | 2.8.1 |
| tensorflow | tensorflow | < 2.6.4 | 2.6.4 |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |