CVE-2022-35989 – TensorFlow is an open source platform for machine learning. When `MaxPool` receives a wind …

16 September 2022

Vuln ID: CVE-2022-35989

Published: 2022-09-16 22:15:11Z

Description: TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 32d7bd3defd134f21a4e344c8dfd40099aaf6b18. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Source: NVD.NIST.GOV

Date:

16 September 2022

Categorie(s):

NVD

Tag(s):

NVD

New Bitsight, Moody’s service seeks to bolster cyber risk management23 April 2024
Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)23 April 2024
Nespresso Domain Hijacked in Phishing Attack Targeting Microsoft Logins23 April 2024
End-to-End Encryption Sparks Concerns Among EU Law Enforcement23 April 2024
GAO: Most Biden cybersecurity EO requirements achieved23 April 2024