CVE-2022-35998 : Security Advisory and Response

Learn about CVE-2022-35998, a `CHECK` fail vulnerability in TensorFlow, allowing denial of service attacks. Discover impact, affected versions, and mitigation steps.

A `CHECK` fail vulnerability in `EmptyTensorList` in TensorFlow could allow attackers to trigger a denial of service attack. Here's what you need to know about CVE-2022-35998.

Understanding CVE-2022-35998

This section provides detailed insights into the impact, technical details, and mitigation strategies related to CVE-2022-35998.

What is CVE-2022-35998?

CVE-2022-35998 is a vulnerability in TensorFlow, an open-source platform for machine learning. When `EmptyTensorList` receives an input `element_shape` with multiple dimensions, it results in a `CHECK` fail, which can be exploited to launch a denial of service attack.

The Impact of CVE-2022-35998

The vulnerability has a CVSS base score of 5.9, indicating a medium severity issue. The attack complexity is high with a network-based attack vector. Successful exploitation can result in a high availability impact.

Technical Details of CVE-2022-35998

Let's delve into the technical aspects of CVE-2022-35998.

Vulnerability Description

The vulnerability arises in the handling of input `element_shape` with more than one dimension by the `EmptyTensorList` function, leading to a `CHECK` fail.

Affected Systems and Versions

TensorFlow versions less than 2.7.2, between 2.8.0 and 2.8.1, and between 2.9.0 and 2.9.1 are affected by this vulnerability.
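
A dependency audit for the affected ranges listed above, as an added example (not code from the advisory or the TensorFlow project). It assumes the upper bound of each range (2.7.2, 2.8.1, 2.9.1) is the first fixed release and therefore not affected, that the distribution names in `TF_PACKAGES` are the ones to check, and it runs over a constructed requirements sample.

```python
import re

# Affected ranges from the advisory text, as (low inclusive, high exclusive).
# Assumption: the upper bound of each range is the first fixed release.
AFFECTED = [((0, 0, 0), (2, 7, 2)), ((2, 8, 0), (2, 8, 1)), ((2, 9, 0), (2, 9, 1))]

# Assumption: these distribution names all ship the TensorFlow runtime.
TF_PACKAGES = {"tensorflow", "tensorflow-gpu", "tensorflow-cpu"}

# Exact pin such as "tensorflow==2.8.0"; a missing patch number counts as 0.
PIN = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*(\d+)\.(\d+)(?:\.(\d+))?")

def is_affected(version):
    """True if a (major, minor, patch) tuple falls in an affected range."""
    return any(low <= version < high for low, high in AFFECTED)

def audit(lines):
    """Return (affected, unpinned) TensorFlow entries from requirement lines."""
    affected, unpinned = [], []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = PIN.match(line)
        if m:
            name = m.group(1).lower().replace("_", "-")
            version = (int(m.group(2)), int(m.group(3)), int(m.group(4) or 0))
            if name in TF_PACKAGES and is_affected(version):
                affected.append(line)
        else:
            # Range or bare specifier: the installed version is not knowable
            # from the file alone, so report it for a manual check.
            name = re.split(r"[<>=!~\[; ]", line, maxsplit=1)[0]
            if name.lower().replace("_", "-") in TF_PACKAGES:
                unpinned.append(line)
    return affected, unpinned

# Constructed sample input (not from the advisory).
SAMPLE = """\
numpy==1.23.1
tensorflow==2.8.0   # falls in the 2.8 range
tensorflow-gpu==2.9.1
tensorflow==2.6.5
tensorflow-cpu>=2.7
tensorflow==2.10.0
""".splitlines()

if __name__ == "__main__":
    hits, unknown = audit(SAMPLE)
    print("affected:", hits, "| needs manual check:", unknown)
```

Entries reported as needing a manual check should be resolved against the installed environment (for example the output of `pip freeze`), since a range specifier does not say which release was actually installed.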

Exploitation Mechanism

Attackers can manipulate the `element_shape` input to trigger the `CHECK` fail, resulting in a denial of service condition.

Mitigation and Prevention

Protect your systems from CVE-2022-35998 with the following measures.

Immediate Steps to Take

Update TensorFlow to version 2.10.0 or apply the patch available in GitHub commit c8ba76d48567aed347508e0552a257641931024d.

Long-Term Security Practices

Regularly monitor security advisories and apply relevant patches promptly. Consider implementing input validation mechanisms to prevent similar vulnerabilities.

Patching and Updates

Ensure timely updates of TensorFlow to versions 2.10.0 or higher to mitigate the vulnerability effectively.
