We have released a patched TensorFlow version to fix this issue: https://github.com/apache/tensorflow/blob/master/tensorflow/core/libs/python/tensorflow/. Estimators, TensorBoard, and TensorTest will now work properly with `SparseFillEmptyRowsGrad()`.
If you are using TensorFlow on Windows, we recommend upgrading to TensorFlow 2.11. You can find the latest version at https://www.tensorflow.org/download/. We recommend caution when upgrading to the patched version. Most importantly, back up your data. If you are running Estimators, TensorBoard, or TensorTest, you should update these dependencies as well. We are working on updating these, but currently the following ones are available:
- TensorFlow: https://www.tensorflow.org/download/
- Keras: https://keras.io/

Summary of the Patch

This patch fixes an issue where sparse_fill_empty_rows() on Windows would crash with a segmentation fault. The fix has been tested on Windows, and should support both 32-bit and 64-bit versions of Windows. We have tested on both Python 2.7 and 2.8, as well as on TensorFlow 1.12, with no problems.

What happened?

The fix was related to the behavior of sparse filling with empty rows. The issue was caused by a bug in SparseFillEmptyRowsGrad() that allowed it to fill rows outside of its bounds: https://github.com/apache/tensorflow/blob/master/tensorflow/core/libs/python/tensorflow/ops.py#L1482
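The following is an added illustration, not TensorFlow's kernel code and not part of the original advisory: a pure-Python reference of the gradient's documented semantics (d_values[j] = grad_values[reverse_index_map[j]]) with the input validation that keeps every index inside its bounds. The function name and sample values are constructed for this example.

```python
# Added example: reference semantics with explicit validation.
# Not the TensorFlow implementation; names and inputs are constructed.

def sparse_fill_empty_rows_grad(reverse_index_map, grad_values):
    """Return (d_values, d_default_value).

    d_values[j]     = grad_values[reverse_index_map[j]]
    d_default_value = sum of grad_values entries that no index refers to
    """
    for name, arg in (("reverse_index_map", reverse_index_map),
                      ("grad_values", grad_values)):
        # Both inputs must be flat vectors; reject nested (rank > 1) input.
        if not isinstance(arg, (list, tuple)) or any(
                isinstance(x, (list, tuple)) for x in arg):
            raise ValueError(f"{name} must be a 1-D sequence")

    n_full = len(grad_values)
    visited = [False] * n_full
    d_values = []
    for j, idx in enumerate(reverse_index_map):
        if isinstance(idx, bool) or not isinstance(idx, int):
            raise ValueError(f"reverse_index_map[{j}] is not an integer")
        # The bounds check. Python would silently wrap a negative index;
        # native code would read outside the buffer. Reject both directions.
        if not 0 <= idx < n_full:
            raise ValueError(
                f"reverse_index_map[{j}]={idx} outside [0, {n_full})")
        d_values.append(grad_values[idx])
        visited[idx] = True

    # Gradient for the default value: everything that was a filled-in row.
    d_default_value = sum(
        g for g, seen in zip(grad_values, visited) if not seen)
    return d_values, d_default_value


if __name__ == "__main__":
    # Constructed input: entries 0 and 2 came from real values,
    # entries 1 and 3 were rows filled with the default value.
    print(sparse_fill_empty_rows_grad([0, 2], [1.0, 2.0, 3.0, 4.0]))
    for bad in ([5], [-1]):
        try:
            sparse_fill_empty_rows_grad(bad, [1.0, 2.0])
        except ValueError as err:
            print("rejected:", err)
```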


Issue details

CVE-2022-41898: TensorFlow: sparsefillemptyrowsgrad
The patch will be applied automatically to the latest TensorFlow binaries that have been released.

What is TensorFlow?

TensorFlow is an open source software library for numerical computation using data flow graphs. It was originally developed by researchers and engineers working on the Google Brain team within Google's DeepMind subsidiary. The system is a general-purpose framework for machine learning using data flow graphs, in which mathematical operations are represented as nodes that send and receive data through graph edges.
In addition to being used by researchers and engineers building neural networks, TensorFlow has also been applied to a wide range of other fields such as computer vision, natural language processing, robotics, control theory, numerical analysis, and scientific computing.

Timeline

Published on: 11/18/2022 22:15:00 UTC
Last modified on: 11/22/2022 21:11:00 UTC
