TensorFlow is one of the most widely used open-source machine learning platforms. Known for powering everything from research experiments to large production systems, it’s vital that TensorFlow remains stable and secure. In late 2022, a vulnerability called CVE-2022-41897 was identified—and patched—in the way TensorFlow handles certain inputs inside its FractionMaxPoolGrad operation. In this post, we’ll break down what this bug means, how it could be triggered, show code snippets for clarity, and point you to official references.
What is CVE-2022-41897?
CVE-2022-41897 describes a situation where TensorFlow could crash if the FractionMaxPoolGrad operation is given certain out-of-bound inputs. Specifically, if you use invalid or malicious values for the row_pooling_sequence and col_pooling_sequence arguments, TensorFlow doesn’t just return an error—it crashes outright.
Crashing a program is never good, but in some setups, this might even be abused for denial of service (DoS) attacks.
Why Does This Happen?
The root of the problem is that TensorFlow did not validate the boundaries of the row_pooling_sequence and col_pooling_sequence. If an attacker or buggy code provided values outside the expected ranges, TensorFlow could try to index memory that didn’t belong to it—leading to a crash.
For example, here is a simplified code flow of how the bug could be triggered:
```python
import tensorflow as tf

# Simplified illustration of the call shape, not the op's exact signature
# (the op is registered in TensorFlow as FractionalMaxPoolGrad).
# Create dummy gradient, pooling sequence inputs
grad = tf.constant([[1., 2.], [3., 4.]], dtype=tf.float32)
orig_input_shape = tf.constant([1, 2, 2, 1], dtype=tf.int64)
row_pooling_sequence = tf.constant([0, 3, 20], dtype=tf.int64)  # OUT-OF-BOUNDS!
col_pooling_sequence = tf.constant([0, -5, 2], dtype=tf.int64)  # OUT-OF-BOUNDS!

try:
    res = tf.raw_ops.FractionMaxPoolGrad(
        orig_input_shape=orig_input_shape,
        out_backprop=grad,
        row_pooling_sequence=row_pooling_sequence,
        col_pooling_sequence=col_pooling_sequence
    )
except Exception as e:
    # On a patched build the invalid sequences surface here as a Python error
    print(f"Caught exception: {e}")
```
Before the fix, running this code could crash the Python interpreter. After the fix, the op rejects the out-of-range values and raises a Python exception instead of crashing the process.
Patch Details
TensorFlow maintainers quickly moved to patch the issue. The relevant fix was made public in this GitHub commit:
- Commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927
This patch adds input validation—checking that the values in row_pooling_sequence and col_pooling_sequence are within a valid range before proceeding.
Here’s an excerpt from the patch:
```cpp
// Before: No checks
// After: With input validation
for (int i = 0; i < row_seq_size; ++i) {
  // Reject any boundary outside [0, max_row_value] before it is used as an index
  OP_REQUIRES(context,
              row_pooling_sequence[i] >= 0 && row_pooling_sequence[i] <= max_row_value,
              errors::InvalidArgument("row_pooling_sequence out of range."));
}
```
This makes sure that values outside the allowed range trigger an error, *not* a crash.
- No RCE: There is (as of now) no evidence that arbitrary code execution is possible via this bug.
- Scope: Only users with direct access to run, or input to, the TensorFlow graph could exploit this.
Which Versions Are Affected & Fixed?
Affected:
TensorFlow 2.10.x
Fixed in:
Cherrypicked fixes in: 2.10.1, 2.9.3, 2.8.4
If you’re running any of the affected versions, *update as soon as possible*.
References
- TensorFlow Security Advisory GHSA-8x34-6hxq-p7q4
- Official Commit Fix
- CVE Record (NVD)
Upgrade TensorFlow to at least 2.11 (or the latest compatible patch version for your workflow).
- If you can’t upgrade immediately, *make sure to sanitize user-controlled input*—never pass unchecked pooling sequences to low-level TensorFlow APIs in production.
- Review your code and dependencies for use of FractionMaxPoolGrad if you’re doing custom pooling/gradient ops.
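One way to do the input sanitization recommended above when an upgrade has to wait, as an added example that is not TensorFlow code or part of the fix commit. The function names are hypothetical, and the rules are assumptions: NHWC shapes, one boundary per output cell plus one, every boundary inside `[0, input dimension]`, boundaries never decreasing.

```python
"""Pre-call guard for pooling sequences (added example, not TensorFlow code)."""
import operator


def check_pooling_sequence(name, seq, in_dim, out_dim):
    """Return seq as a list of ints, or raise ValueError naming the problem.

    Assumed rules: out_dim + 1 boundaries, each inside [0, in_dim],
    and no boundary smaller than the one before it.
    """
    try:
        values = [operator.index(v) for v in seq]  # rejects floats, str, None
    except TypeError as exc:
        raise ValueError(f"{name}: non-integer element ({exc})") from None
    if len(values) != out_dim + 1:
        raise ValueError(f"{name}: expected {out_dim + 1} entries, got {len(values)}")
    for i, v in enumerate(values):
        if not 0 <= v <= in_dim:
            raise ValueError(f"{name}[{i}]={v} outside [0, {in_dim}]")
        if i and v < values[i - 1]:
            raise ValueError(f"{name}[{i}]={v} decreases from {values[i - 1]}")
    return values


def check_grad_inputs(input_shape, grad_shape, row_seq, col_seq):
    """Validate both sequences against NHWC shapes before any raw-op call."""
    if len(input_shape) != 4 or len(grad_shape) != 4:
        raise ValueError("expected 4-D NHWC shapes")
    rows = check_pooling_sequence("row_pooling_sequence", row_seq,
                                  input_shape[1], grad_shape[1])
    cols = check_pooling_sequence("col_pooling_sequence", col_seq,
                                  input_shape[2], grad_shape[2])
    return rows, cols


def rejection_reason(input_shape, grad_shape, row_seq, col_seq):
    """Return None when the inputs pass, else the error text (for logging)."""
    try:
        check_grad_inputs(input_shape, grad_shape, row_seq, col_seq)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed inputs: a 1x4x4x1 input whose gradient is 1x2x2x1.
    print(rejection_reason((1, 4, 4, 1), (1, 2, 2, 1), [0, 2, 4], [0, 2, 4]))
    # The out-of-range sequence values from the snippet earlier in this post.
    print(rejection_reason((1, 4, 4, 1), (1, 2, 2, 1), [0, 3, 20], [0, -5, 2]))
```

Logging the returned reason before dropping the request gives a record of which caller supplied the malformed sequence.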
TL;DR
CVE-2022-41897 is a crash bug in TensorFlow’s FractionMaxPoolGrad when given bad input. It’s fixed in TensorFlow 2.11 and backported to earlier stable versions.
Update now and stay safe!
*This explanation is exclusive to this post, crafted for clarity on TensorFlow security for developers of all levels. If you work with machine learning in production or research, always keep your tools patched.*
Timeline
Published on: 11/18/2022 22:15:00 UTC
Last modified on: 11/22/2022 19:34:00 UTC