CVE-2022-41901

TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape with rank 0 will trigger a `CHECK` fail in `tf.raw_ops.SparseMatrixNNZ`. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

History

10 Jul 2023, 16:00

Type Values Removed Values Added
CWE CWE-20 CWE-617

23 Nov 2022, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-18 22:15

Updated : 2024-02-04 23:14


NVD link : CVE-2022-41901

Mitre link : CVE-2022-41901

CVE.ORG link : CVE-2022-41901


JSON object : View

Products Affected

google

  • tensorflow
CWE
CWE-617

Reachable Assertion

CWE-20

Improper Input Validation