CVE-2022-41898
- Source
- https://cve.org/CVERecord?id=CVE-2022-41898
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41898.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-41898
- Aliases
- Downstream
- Published
- 2022-11-18T00:00:00Z
- Modified
- 2026-04-18T11:31:00.844862Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- `CHECK` fail via inputs in `SparseFillEmptyRowsGrad` in Tensorflow
- Details
-
TensorFlow is an open source platform for machine learning. If
SparseFillEmptyRowsGradis given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41898.json", "cwe_ids": [ "CWE-20" ], "cna_assigner": "GitHub_M" }- References
-
- https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41898.json
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h
- https://nvd.nist.gov/vuln/detail/CVE-2022-41898
- https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8
Affected packages
Git / github.com/tensorflow/tensorflow
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tensorflow/tensorflow
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedFixed
- Database specific
{ "cpe": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "source": [ "CPE_FIELD", "REFERENCES" ], "extracted_events": [ { "introduced": "0" }, { "fixed": "2.8.4" }, { "introduced": "2.9.0" }, { "fixed": "2.9.3" }, { "introduced": "2.10.0" }, { "fixed": "2.10.1" } ] }
Affected versions
0.*
0.5.0
0.6.0
v1.*
v1.1.0-rc1
v1.1.0-rc2
v1.12.1
v1.6.0-rc1
v1.9.0-rc2
v2.*
v2.10.0
v2.8.0
v2.8.0-rc0
v2.8.0-rc1
v2.8.1
v2.8.2
v2.8.3
v2.9.0
v2.9.1
v2.9.2
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41898.json"
vanir_signatures_modified
"2026-04-18T11:31:00Z"
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"121245589080084921155647706941003928127",
"202915884389001018711910868229222104917",
"147254263416719297106926476981879251201",
"129593549007443080874500006512275963839",
"56970556365735129601924251492642689197",
"100716426737195313767628100166711585078",
"95461453855061521191415071102399925227",
"224580703153868119336228420472172108406",
"309455210442780763283610602553138490966",
"83148263599335209977725992948818197475",
"155908174162512222739376703124084873864",
"110009344399502016971599686658106637927",
"117042493314183370427924243851757917686",
"60852052670294159312548690527100377604",
"155082337463383358448681929679175053079",
"328821329099491421238516086497724184772",
"21206963611509295498662672839756160661",
"148099628934897525476224062334698555815",
"149930719982538532155190187154706021998",
"29008994625519382484486244745077822972",
"308265318080107610450269816576419774305",
"144503671853551314723550166784815477630",
"264802265858439894014427907426073186386",
"327947093980009606701621854095309390682",
"171014938759071781820810980503900917513",
"263508393089390618428848399737882686360",
"28179356053736113199927318261092318228",
"247014729195538134643691428437894233047",
"229260788801080759910747705583275514746"
],
"threshold": 0.9
},
"target": {
"file": "tensorflow/core/kernels/sparse_fill_empty_rows_op_gpu.cu.cc"
},
"source": "https://github.com/tensorflow/tensorflow/commit/af4a6a3c8b95022c351edae94560acc61253a1b8",
"signature_version": "v1",
"id": "CVE-2022-41898-93d79cff"
}
]