CVE-2022-35960 : What You Need to Know

Explore the impact and technical details of CVE-2022-35960, a medium severity vulnerability in TensorFlow affecting versions < 2.7.2, versions >= 2.8.0 and < 2.8.1, and versions >= 2.9.0 and < 2.9.1. Learn about mitigation steps and prevention measures.

A detailed overview of CVE-2022-35960 affecting TensorFlow.

Understanding CVE-2022-35960

This CVE involves a CHECK failure in TensorListReserve in TensorFlow.

What is CVE-2022-35960?

TensorFlow, an open-source machine learning platform, is impacted by a vulnerability in the TensorListReserve function in core/kernels/list_kernels.cc. It allows an attacker to trigger a CHECK failure in certain scenarios.

The Impact of CVE-2022-35960

The vulnerability has a CVSS base score of 5.9, indicating a medium severity issue. The attack complexity is high with an impact on the availability of the system.

Technical Details of CVE-2022-35960

Details related to the vulnerability and affected systems.

Vulnerability Description

In the affected function, an incorrect assumption about the tensor's size leads to a CHECK failure that an attacker could potentially exploit.

Affected Systems and Versions

        TensorFlow versions < 2.7.2
        TensorFlow versions >= 2.8.0, < 2.8.1
        TensorFlow versions >= 2.9.0, < 2.9.1
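
To check a pinned dependency file against the ranges listed above, the following added example (not from the original page or from the TensorFlow project) flags exact TensorFlow pins that fall inside an affected range. The package name set, the sample requirements text and the handling of pre-release suffixes are assumptions made for illustration.

```python
import re

# Affected ranges as listed on this page: (inclusive lower bound, exclusive upper bound).
AFFECTED_RANGES = [
    ((0,), (2, 7, 2)),       # < 2.7.2
    ((2, 8, 0), (2, 8, 1)),  # >= 2.8.0, < 2.8.1
    ((2, 9, 0), (2, 9, 1)),  # >= 2.9.0, < 2.9.1
]
# Assumption: these distribution names are treated as TensorFlow builds.
TF_PACKAGES = {"tensorflow", "tensorflow-cpu", "tensorflow-gpu"}
# Only exact pins (name==X.Y.Z) are evaluated. A suffix such as "rc1" is dropped,
# so a pre-release is judged as its release number (a conservative choice).
PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*==\s*(\d+(?:\.\d+)*)")


def parse_version(text):
    """Turn '2.8' or '2.8.0' into a tuple padded to at least three components."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version_text):
    """True if the version lies in any affected range from the page."""
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def audit_requirements(text):
    """Return (line_no, package, version, affected) for each pinned TensorFlow line."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = PIN.match(line.split("#", 1)[0])  # ignore trailing comments
        if not m:
            continue
        name = re.sub(r"[._-]+", "-", m.group(1)).lower()  # normalise the name
        if name in TF_PACKAGES:
            findings.append((n, name, m.group(2), is_affected(m.group(2))))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = """\
numpy==1.23.1
tensorflow==2.8.0
tensorflow-cpu==2.9.1
TensorFlow_GPU==2.6.5
tensorflow==2.10.0
"""

if __name__ == "__main__":
    for line_no, pkg, ver, bad in audit_requirements(SAMPLE):
        print(f"line {line_no}: {pkg} {ver} -> {'AFFECTED' if bad else 'ok'}")
```

Unpinned or range-style requirements are skipped by this check and need to be resolved to an installed version before they can be judged.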

Exploitation Mechanism

When a specific condition is met in TensorListReserve, the vulnerability triggers a CHECK failure, impacting the system's integrity.

Mitigation and Prevention

Guidelines to address and prevent the CVE-2022-35960 vulnerability.

Immediate Steps to Take

        Update TensorFlow to version 2.10.0 or apply the patched commit from GitHub to mitigate the issue.

Long-Term Security Practices

Regularly check for security advisories and apply updates promptly to avoid known vulnerabilities.

Patching and Updates

Ensure TensorFlow is regularly updated to the latest version to address security issues effectively.
