
CVE-2022-35973 : Security Advisory and Response

Learn about CVE-2022-35973, a vulnerability in TensorFlow's QuantizedMatMul function that can lead to a denial of service attack. Find out the impacted versions, mitigation steps, and patch details.

This article provides an overview of CVE-2022-35973, a vulnerability in TensorFlow that can lead to a denial of service attack by exploiting the QuantizedMatMul function.

Understanding CVE-2022-35973

CVE-2022-35973 is a vulnerability in TensorFlow that allows attackers to trigger a denial of service attack by providing nonscalar input to the QuantizedMatMul function.

What is CVE-2022-35973?

TensorFlow, an open-source platform for machine learning, is impacted by this vulnerability. Attackers can exploit this issue to cause a segfault, leading to a denial of service attack.

The Impact of CVE-2022-35973

The vulnerability has a CVSS base score of 5.9, indicating a medium severity level. It has a high impact on availability but does not affect confidentiality or integrity. The attack complexity is high, and it can be exploited over a network without requiring privileges or user interaction.

Technical Details of CVE-2022-35973

The vulnerability affects TensorFlow versions prior to 2.7.2, versions from 2.8.0 up to but not including 2.8.1, and versions from 2.9.0 up to but not including 2.9.1. The issue has been patched in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. The fix will be included in TensorFlow 2.10.0, with backports to TensorFlow 2.9.1, 2.8.1, and 2.7.2.

Vulnerability Description

The vulnerability arises when providing nonscalar input to specific parameters of the QuantizedMatMul function in TensorFlow, resulting in a segfault that can be exploited for a denial of service attack.

Affected Systems and Versions

TensorFlow versions prior to 2.7.2, versions from 2.8.0 up to but not including 2.8.1, and versions from 2.9.0 up to but not including 2.9.1 are affected by this vulnerability.

Exploitation Mechanism

By giving nonscalar input for certain parameters in the QuantizedMatMul function, attackers can exploit the vulnerability to trigger a denial of service attack.

Mitigation and Prevention

To address CVE-2022-35973, users are advised to take immediate steps and adopt long-term security practices.

Immediate Steps to Take

Update to TensorFlow 2.10.0, which contains the patch. Users who must stay on an affected minor release should move to the backported fix releases: TensorFlow 2.9.1, 2.8.1, or 2.7.2.
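For deployments that cannot update immediately, the following added example (not code from this advisory or from the TensorFlow project) shows a caller-side guard that rejects the malformed inputs before they reach the kernel. It assumes that the affected parameters are the four quantization-range inputs min_a, max_a, min_b and max_b, which QuantizedMatMul expects as scalars; Shaped is a constructed stand-in for a tensor that only carries a shape.

```python
"""Caller-side guard for QuantizedMatMul's scalar range arguments."""
from typing import Any, Dict, Tuple

# Assumption: these are the "specific parameters" the advisory refers to;
# the op expects each of them to be a rank-0 (scalar) tensor.
SCALAR_ARGS = ("min_a", "max_a", "min_b", "max_b")


class Shaped:
    """Constructed stand-in for a tensor: carries only a shape."""

    def __init__(self, *dims: int) -> None:
        self.shape = dims


def _shape_of(value: Any) -> Tuple[int, ...]:
    """Shape of a tensor-like (anything with .shape, e.g. numpy or tf
    tensors); plain Python numbers are treated as scalars."""
    if hasattr(value, "shape"):
        return tuple(int(d) for d in value.shape)
    return ()


def check_quantized_matmul_args(args: Dict[str, Any]) -> Dict[str, str]:
    """Map each offending argument to a description of the problem.
    An empty dict means the call is safe to forward to the op."""
    problems: Dict[str, str] = {}
    for name in SCALAR_ARGS:
        if name not in args:
            problems[name] = "missing"
            continue
        shape = _shape_of(args[name])
        if shape != ():
            problems[name] = f"expected scalar, got shape {shape}"
    # The matrix operands must be rank-2 with a matching inner dimension.
    a_shape, b_shape = _shape_of(args.get("a")), _shape_of(args.get("b"))
    if len(a_shape) != 2 or len(b_shape) != 2:
        problems["a/b"] = f"expected rank-2 matrices, got {a_shape} and {b_shape}"
    elif a_shape[1] != b_shape[0]:
        problems["a/b"] = f"inner dimensions differ: {a_shape[1]} vs {b_shape[0]}"
    return problems


def safe_quantized_matmul(**kwargs: Any) -> Any:
    """Validate, then forward to tf.raw_ops.QuantizedMatMul (imported
    lazily so the checker itself runs without TensorFlow installed)."""
    problems = check_quantized_matmul_args(kwargs)
    if problems:
        raise ValueError(f"refusing QuantizedMatMul call: {problems}")
    import tensorflow as tf  # noqa: E402  (only needed for the real call)
    return tf.raw_ops.QuantizedMatMul(**kwargs)
```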

Long-Term Security Practices

Regularly update software, implement secure coding practices, and monitor for security advisories to prevent similar vulnerabilities in the future.

Patching and Updates

Stay informed about security updates from TensorFlow and apply patches promptly to protect against known vulnerabilities.
