CVE-2022-41901

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-41901
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41901.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-41901
Aliases
Downstream
Published
2022-11-18T00:00:00Z
Modified
2026-04-18T04:13:10.143038Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
`CHECK_EQ` fail via input in `SparseMatrixNNZ` in Tensorflow
Details

TensorFlow is an open source platform for machine learning. An input sparse_matrix that is not a matrix with a shape with rank 0 will trigger a CHECK fail in tf.raw_ops.SparseMatrixNNZ. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41901.json",
    "cwe_ids": [
        "CWE-20"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type
GIT
Repo
https://github.com/tensorflow/tensorflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1b8f5c396f0c016ebe81fe1af029e6f205c926a4
Introduced
8a20d54a3c1bfa38c03ea99a2ad3c1b0a45dfa95
Fixed
a5ed5f39b675a1c6f315e0caf3ad4b38478fa571
Introduced
359c3cdfc5fabac82b3c70b3b6de2b0a8c16874f
Fixed
fdfc646704c37bdf450525f6ced9d80df86e4993
Fixed
f856d02e5322821aad155dad9b3acab1e9f5d693
Database specific 
{
    "cpe": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.8.4"
        },
        {
            "introduced": "2.9.0"
        },
        {
            "fixed": "2.9.3"
        },
        {
            "introduced": "2.10.0"
        },
        {
            "fixed": "2.10.1"
        }
    ]
}

Affected versions

0.*
0.5.0
0.6.0
v1.*
v1.1.0-rc1
v1.1.0-rc2
v1.12.1
v1.6.0-rc1
v1.9.0-rc2
v2.*
v2.10.0
v2.8.0
v2.8.0-rc0
v2.8.0-rc1
v2.8.1
v2.8.2
v2.8.3
v2.9.0
v2.9.1
v2.9.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41901.json"