AVID-2026-R1096

Description

CHECK fail in tf.sparse.cross in TensorFlow (CVE-2022-35997)

Details

TensorFlow is an open source platform for machine learning. If tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Reason for inclusion in AVID: CVE-2022-35997 describes a vulnerability in TensorFlow (tf.sparse.cross) that can trigger a denial of service via an input leading to a CHECK failure. TensorFlow is an ML framework widely used to build/train/deploy AI systems, so this is a vulnerability in a software component that sits in the AI software stack. It directly affects software used in AI pipelines, constitutes a security/safety vulnerability (DoS), and has a published patch/commit, with affected versions and remediation, providing clear evidence for curation in the AI supply chain.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p7hr-f446-x6qf
• https://github.com/tensorflow/tensorflow/commit/83dcb4dbfa094e33db084e97c4d0531a559e0ebf

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2022-09-16
• Version: 0.3.3
• AVID Entry