First published: Fri Nov 18 2022
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherry-pick this commit onto TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in the supported range.
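The advisory states only that a large `size` input makes the op overflow; it does not say which arithmetic wraps. The generic defensive measure when a resize dimension comes from an untrusted source is to compute the derived element count exactly and reject it before it reaches a native kernel that does the multiplication in a fixed-width integer. The following is an added example, not TensorFlow project code and not the patched code from the commit above; it assumes (as a labelled assumption) that the kernel derives `batch * height * width * channels` in a signed 32-bit integer, and shows both the pre-check and what a wrapped count would look like.

```python
"""Added example: validate an untrusted resize `size` before a raw op call.

Not TensorFlow code. Assumption: the native kernel computes
batch * height * width * channels as a signed 32-bit integer, so any
product above INT32_MAX would silently wrap. Python ints are unbounded,
so we can compute the true product and refuse it up front.
"""
from dataclasses import dataclass

INT32_MAX = 2**31 - 1


@dataclass(frozen=True)
class SizeCheck:
    ok: bool
    reason: str
    elements: int  # exact element count (0 if the shape was rejected early)


def wrap_int32(n: int) -> int:
    """Return the value a signed 32-bit two's-complement int would hold for n.

    Used only to show what an unchecked kernel would have seen: a huge
    count can become 0, a small positive number, or a negative number,
    all of which lead to an undersized buffer or a sign-check bypass.
    """
    return ((n + 2**31) % 2**32) - 2**31


def check_resize_size(size, batch: int, channels: int, limit: int = INT32_MAX) -> SizeCheck:
    """Validate `size=(height, width)` plus batch/channels for a resize-gradient call.

    Rejects non-int or bool values, zero or negative dimensions, any single
    dimension above `limit`, and any exact element count above `limit`.
    """
    if not isinstance(size, (tuple, list)) or len(size) != 2:
        return SizeCheck(False, "size must be a (height, width) pair", 0)
    dims = (batch, size[0], size[1], channels)
    for name, d in zip(("batch", "height", "width", "channels"), dims):
        # bool is a subclass of int in Python; exclude it explicitly.
        if isinstance(d, bool) or not isinstance(d, int):
            return SizeCheck(False, f"{name} must be an int, got {d!r}", 0)
        if d <= 0:
            return SizeCheck(False, f"{name} must be positive, got {d}", 0)
        if d > limit:
            return SizeCheck(False, f"{name}={d} exceeds int32 range", 0)
    elements = batch * size[0] * size[1] * channels  # exact, unbounded
    if elements > limit:
        return SizeCheck(
            False,
            f"element count {elements} exceeds int32 (kernel would see {wrap_int32(elements)})",
            elements,
        )
    return SizeCheck(True, "ok", elements)


if __name__ == "__main__":
    # Constructed inputs: a sane shape, and a `size` just past the int32 edge.
    for size, batch, channels in (((1000, 1000), 1, 3), ((46341, 46341), 1, 1), ((65536, 65536), 1, 1)):
        result = check_resize_size(size, batch, channels)
        print(f"size={size} batch={batch} channels={channels} -> ok={result.ok}: {result.reason}")
```

Running it shows the 46341x46341 case producing 2147488281 elements, which a 32-bit kernel would store as a negative number, and the 65536x65536 case wrapping to exactly 0; both are rejected before any allocation happens. The same pattern applies to any shape or size argument that is taken from user-controlled input and forwarded to a native op.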
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google TensorFlow | <2.8.4 | |
| Google TensorFlow | >=2.9.0, <2.9.3 | |
| Google TensorFlow | >=2.10.0, <2.10.1 | |
CVE-2022-41907 is a vulnerability in TensorFlow where the `tf.raw_ops.ResizeNearestNeighborGrad` function can overflow when given a large `size` input.
CVE-2022-41907 has a severity rating of 7.5 (high).
CVE-2022-41907 affects Google TensorFlow versions prior to 2.10.1 (see the affected version ranges in the table above).
The issue has been patched in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624 and the fix will be included in TensorFlow 2.11.
More information about CVE-2022-41907 can be found in the TensorFlow GitHub repository and the associated security advisory.