Learn about CVE-2022-35952 in TensorFlow, a medium severity vulnerability allowing `CHECK` failures in `UnbatchGradOp`. Explore its impact, affected versions, exploitation, and mitigation steps.
A detailed overview of the `CHECK` failures in `UnbatchGradOp` in TensorFlow and its implications.
Understanding CVE-2022-35952
In this section, we will delve into the nature of the vulnerability and its impact.
What is CVE-2022-35952?
A vulnerability in TensorFlow's `UnbatchGradOp` allows a nonscalar `id` argument to trigger a `CHECK` failure, which aborts the process and crashes the program. An incorrect `batch_index` can also lead to a `CHECK` failure. This issue has been patched in TensorFlow versions 2.7.2, 2.8.1, and 2.9.1, and the fix will be included in TensorFlow 2.10.0.
The Impact of CVE-2022-35952
The vulnerability has a CVSS base score of 5.9, indicating a medium severity issue. Its availability impact is high, since it can crash the program, while confidentiality and integrity are not affected. The attack vector is network, the attack complexity is high, and no privileges or user interaction are required.
Technical Details of CVE-2022-35952
Explore the specific technical aspects of the vulnerability.
Vulnerability Description
The vulnerability arises from the `UnbatchGradOp` function's handling of `id` and `batch_index`, leading to potential `CHECK` failures and program crashes.
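The advisory only states that a nonscalar `id` or an incorrect `batch_index` reaches a `CHECK`; the pre-check below, an added example that is not TensorFlow's code or the advisory's, makes the implied preconditions explicit on plain nested lists so it runs without TensorFlow. The exact contract it assumes (a scalar `id`; `batch_index` as an `[N, 3]` matrix of `(id, start, end)` rows whose slices lie within the batch dimension of `original_input`) is my reading of `tf.raw_ops.UnbatchGrad`, stated here as an assumption.

```python
# Added example: validate inputs before handing them to UnbatchGrad, so a
# malformed request is rejected with an error instead of aborting the process.
# Tensor shapes are modelled with nested Python lists (assumption for the demo).

def shape_of(x):
    """Shape of a rectangular nested list; a bare number has shape []."""
    shape = []
    while isinstance(x, list):
        shape.append(len(x))
        if not x:
            break
        x = x[0]
    return shape


def validate_unbatch_grad_inputs(original_input, batch_index, id_):
    """Return the list of violated preconditions; an empty list means the
    inputs satisfy the (assumed) UnbatchGrad contract."""
    problems = []

    # Precondition 1: `id` must be a scalar (rank 0).
    id_shape = shape_of(id_)
    if id_shape != []:
        problems.append(f"id must be a scalar, got shape {id_shape}")

    # Precondition 2: `batch_index` must be an [N, 3] matrix.
    bi_shape = shape_of(batch_index)
    if len(bi_shape) != 2 or bi_shape[1] != 3:
        problems.append(f"batch_index must have shape [N, 3], got {bi_shape}")
        return problems  # rows cannot be interpreted, stop here

    # Precondition 3: every (id, start, end) slice lies inside the batch.
    oi_shape = shape_of(original_input)
    if not oi_shape:
        problems.append("original_input must have a batch dimension")
        return problems
    batch_rows = oi_shape[0]
    for row in batch_index:
        _, start, end = row
        if not (0 <= start <= end <= batch_rows):
            problems.append(
                f"row {row}: slice [{start}, {end}) exceeds batch of {batch_rows} rows"
            )
    return problems
```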
Affected Systems and Versions
TensorFlow versions below 2.7.2, version 2.8.0 (fixed in 2.8.1), and version 2.9.0 (fixed in 2.9.1) are affected by this vulnerability.
Exploitation Mechanism
An attacker can exploit this vulnerability by providing a nonscalar `id` or an incorrect `batch_index`, triggering `CHECK` failures.
Mitigation and Prevention
Learn about the steps to mitigate and prevent the exploitation of CVE-2022-35952.
Immediate Steps to Take
Users should update their TensorFlow installations to versions 2.7.2, 2.8.1, 2.9.1, or newer to patch this vulnerability.
Long-Term Security Practices
Regularly update TensorFlow to the latest versions and stay informed about security advisories to ensure a secure environment.
Patching and Updates
Patches for this vulnerability are available in TensorFlow versions 2.7.2, 2.8.1, and 2.9.1, and will be included in TensorFlow 2.10.0.