Learn about CVE-2022-35968 affecting TensorFlow due to an unvalidated input in 'AvgPoolGrad', leading to a denial of service risk. Find mitigation steps and version patches.
A detailed analysis of CVE-2022-35968 affecting TensorFlow with a 'CHECK' failure in 'AvgPoolGrad'.
Understanding CVE-2022-35968
This CVE involves a vulnerability in TensorFlow related to the implementation of AvgPoolGrad.
What is CVE-2022-35968?
TensorFlow, an open-source platform for machine learning, is impacted by a 'CHECK' failure in 'AvgPoolGrad'. This vulnerability arises from inadequate validation of the input orig_input_shape, leading to a denial of service risk.
The Impact of CVE-2022-35968
The vulnerability has a medium severity base score of 5.9 (CVSS v3.1). With a high attack complexity and network vector, it can result in a denial of service scenario, affecting availability.
Technical Details of CVE-2022-35968
This section covers the technical aspects of the vulnerability.
Vulnerability Description
The vulnerability is in the AvgPoolGrad function, which does not fully validate orig_input_shape. A malformed shape reaches a 'CHECK' macro, and a failed CHECK terminates the whole process, which is what makes the failure exploitable for denial of service attacks.
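The defender-side lesson of this CVE is that shape arguments such as orig_input_shape must be fully validated before any code path that ends in a fatal CHECK. The following is an added example, not TensorFlow's code and not the CVE's fix commit: it models an application-side pre-check for an AvgPoolGrad-style call that rejects inconsistent arguments with a recoverable error instead of letting them abort the process. It assumes NHWC layout, "VALID" or "SAME" padding, and an element cap (MAX_ELEMENTS) that is a deployment choice rather than a TensorFlow constant; the function names are hypothetical.

```python
"""Application-side input guard for an AvgPoolGrad-style gradient call.

Added example, not code from TensorFlow or from the CVE-2022-35968 fix.
It models the kind of validation the advisory concerns: the gradient op
receiving an orig_input_shape that has not been fully checked. Layout is
assumed to be NHWC; padding is "VALID" or "SAME"; MAX_ELEMENTS is an
assumed deployment cap, not a TensorFlow constant.
"""
from math import prod

MAX_ELEMENTS = 2**31 - 1  # assumed allocation cap for the reconstructed input


def expected_pooled_size(in_size, k, s, padding):
    """Spatial size a pooling op with window k and stride s produces."""
    if padding == "VALID":
        return (in_size - k) // s + 1 if in_size >= k else 0
    if padding == "SAME":
        return (in_size + s - 1) // s
    raise ValueError(f"unknown padding {padding!r}")


def avg_pool_grad_input_error(orig_input_shape, grad_shape, ksize, strides,
                              padding="VALID"):
    """Return None if the arguments are mutually consistent, else a reason.

    The checks are what a gradient op must establish before trusting
    orig_input_shape: correct rank and length, integer and positive entries,
    a bounded element count, agreement with the incoming gradient's batch
    and channel dims, and spatial sizes the forward pool would have produced.
    """
    if not isinstance(orig_input_shape, (list, tuple)):
        return "orig_input_shape must be a 1-D vector"
    if len(orig_input_shape) != 4:
        return f"orig_input_shape must have 4 elements, got {len(orig_input_shape)}"
    for d in orig_input_shape:
        if isinstance(d, bool) or not isinstance(d, int):
            return "orig_input_shape entries must be integers"
        if d <= 0:
            return f"orig_input_shape entries must be positive, got {d}"
    if prod(orig_input_shape) > MAX_ELEMENTS:
        return "orig_input_shape describes a tensor larger than the allowed cap"
    if len(grad_shape) != 4:
        return "grad must be 4-D"
    if len(ksize) != 4 or len(strides) != 4:
        return "ksize and strides must each have 4 elements"
    if any(v <= 0 for v in list(ksize) + list(strides)):
        return "ksize and strides entries must be positive"
    if ksize[0] != 1 or ksize[3] != 1 or strides[0] != 1 or strides[3] != 1:
        return "pooling over the batch or channel dimension is not supported"
    n, h, w, c = orig_input_shape
    if grad_shape[0] != n or grad_shape[3] != c:
        return "grad batch/channel dims do not match orig_input_shape"
    try:
        eh = expected_pooled_size(h, ksize[1], strides[1], padding)
        ew = expected_pooled_size(w, ksize[2], strides[2], padding)
    except ValueError as exc:
        return str(exc)
    if (grad_shape[1], grad_shape[2]) != (eh, ew):
        return (f"grad spatial dims {tuple(grad_shape[1:3])} do not match the "
                f"forward pool output {(eh, ew)}")
    return None


def validate_avg_pool_grad_inputs(*args, **kwargs):
    """Raise a recoverable exception instead of letting a bad shape reach a CHECK."""
    err = avg_pool_grad_input_error(*args, **kwargs)
    if err is not None:
        raise ValueError(err)
    return True


if __name__ == "__main__":
    # Constructed sample: a 2x8x8x3 input pooled with a 2x2 window, stride 2, VALID
    print(validate_avg_pool_grad_inputs([2, 8, 8, 3], [2, 4, 4, 3],
                                        [1, 2, 2, 1], [1, 2, 2, 1]))
    # Constructed malformed call: orig_input_shape with only three entries
    print(avg_pool_grad_input_error([2, 8, 8], [2, 4, 4, 3],
                                    [1, 2, 2, 1], [1, 2, 2, 1]))
```

Only after `validate_avg_pool_grad_inputs` passes would the real gradient op be invoked; a rejected request then costs one failed call rather than the availability of the whole serving process, which is the impact the advisory scores.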
Affected Systems and Versions
Versions of TensorFlow prior to 2.7.2, between 2.8.0 and 2.8.1, and between 2.9.0 and 2.9.1 are impacted by this vulnerability.
Exploitation Mechanism
Attackers can exploit this issue to trigger a denial of service attack, leveraging the 'CHECK' failure in AvgPoolGrad.
Mitigation and Prevention
Effective measures to address and prevent CVE-2022-35968.
Immediate Steps to Take
Users are advised to update TensorFlow to version 2.10.0, which patches the vulnerability. For the 2.7, 2.8 and 2.9 release lines, the relevant fix commit has been cherrypicked into 2.7.2, 2.8.1 and 2.9.1.
Long-Term Security Practices
Practicing secure coding, threat modeling, and regular security updates can enhance the overall security posture.
Patching and Updates
Regularly check for security advisories, apply patches promptly, and keep TensorFlow installations up to date.