SB2022091549 - Denial of service in TensorFlow
Published: September 15, 2022 Updated: April 30, 2026
Security Bulletin ID
SB2022091549
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Reachable Assertion (CVE-ID: CVE-2022-35941)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the AvgPoolOp function. A remote attacker can pass a negative value for the ksize argument to the affected function and crash the application.
Remediation
Install update from vendor's website.
References
- https://github.com/tensorflow/tensorflow/commit/3a6ac52664c6c095aa2b114e742b0aa17fdce78f
- https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/avgpooling_op.cc#L56-L98
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5