High severity · NVD Advisory · Published Feb 4, 2022 · Updated Apr 23, 2025
`CHECK`-failures in Tensorflow
CVE-2022-23565
Description
TensorFlow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
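A pre-load check for the condition described above, as an added example that is not part of the advisory or of TensorFlow's code: it reads the protobuf wire format of a serialized SavedModel directly and reports any operation whose AttrDef names repeat. The field numbers and the two OpDef locations it walks are assumptions taken from TensorFlow's public `.proto` definitions, and `duplicate_attr_names` and its helpers are hypothetical names.

```python
from collections import Counter

def _varint(buf, i):
    # Decode one base-128 varint at buf[i]; return (value, next index).
    value = shift = 0
    while i < len(buf) and shift < 64:
        value |= (buf[i] & 0x7F) << shift
        if buf[i] < 0x80:
            return value, i + 1
        i, shift = i + 1, shift + 7
    raise ValueError("malformed varint")

def _fields(buf):
    # Yield (field number, payload); payload is None for scalar fields.
    i = 0
    while i < len(buf):
        key, i = _varint(buf, i)
        num, wire, payload = key >> 3, key & 7, None
        if wire == 0:                      # varint scalar: skip the value
            _, i = _varint(buf, i)
        elif wire == 2:                    # length-delimited: string or sub-message
            n, i = _varint(buf, i)
            payload, i = buf[i:i + n], i + n
        elif wire in (1, 5):               # fixed 64-bit / 32-bit scalar
            i += 8 if wire == 1 else 4
        if wire not in (0, 1, 2, 5) or i > len(buf):
            raise ValueError("malformed or truncated field")
        yield num, payload

def _walk(buf, path):
    # Return every sub-message reached by following the field numbers in path.
    level = [buf]
    for want in path:
        level = [p for m in level for n, p in _fields(m) if n == want and p is not None]
    return level

# Field-number paths from SavedModel to OpDef (assumed from TensorFlow's .proto files).
OPDEF_PATHS = ((2, 1, 2, 1),      # meta_graphs/meta_info_def/stripped_op_list/op
               (2, 2, 2, 1, 1))   # meta_graphs/graph_def/library/function/signature

def duplicate_attr_names(saved_model_bytes):
    # Return {op name: sorted attr names that occur more than once}.
    found = {}
    for op in (o for p in OPDEF_PATHS for o in _walk(saved_model_bytes, p)):
        op_name = (_walk(op, (1,)) or [b"<unnamed>"])[0]        # OpDef.name
        counts = Counter(_walk(op, (4, 1)))                     # OpDef.attr / AttrDef.name
        dups = sorted(n.decode("utf-8", "replace") for n, c in counts.items() if c > 1)
        if dups:
            found[op_name.decode("utf-8", "replace")] = dups
    return found
```

Run it on the raw bytes of the model's `saved_model.pb` before the directory is handed to TensorFlow, and treat a non-empty result or a `ValueError` as grounds to reject the file.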
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
| tensorflow-cpu (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow-cpu (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-cpu (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
| tensorflow-gpu (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow-gpu (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-gpu (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
Affected products
- Range: >= 2.7.0, < 2.7.1
Patches
c2b31ff2d315: Remove a `DCHECK`-fail, log an error instead.
1 file changed · +4 −3
tensorflow/core/framework/op_def_util.cc+4 −3 modified@@ -821,9 +821,10 @@ bool RepeatedAttrDefEqual( const protobuf::RepeatedPtrField<OpDef::AttrDef>& a2) { std::unordered_map<string, const OpDef::AttrDef*> a1_set; for (const OpDef::AttrDef& def : a1) { - DCHECK(a1_set.find(def.name()) == a1_set.end()) - << "AttrDef names must be unique, but '" << def.name() - << "' appears more than once"; + if (a1_set.find(def.name()) != a1_set.end()) { + LOG(ERROR) << "AttrDef names must be unique, but '" << def.name() + << "' appears more than once"; + } a1_set[def.name()] = &def; } for (const OpDef::AttrDef& def : a2) {
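Review bot: In the loop over `a1`, the new `if` branch only logs and then falls through to `a1_set[def.name()] = &def;`, so a duplicated name silently overwrites the earlier entry and the comparison carries on with input already known to be malformed. Since `RepeatedAttrDefEqual` returns `bool`, consider returning `false` (or at least skipping the overwrite) right after the `LOG(ERROR)`, and add a comment stating which of the two behaviours is intended. The logged `def.name()` is taken from the AttrDef being compared, so it is also worth bounding its length before it reaches the log.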
References
- github.com/advisories/GHSA-4v5p-v5h9-6xjx [ghsa, ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2022-23565 [ghsa, ADVISORY]
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-74.yaml [ghsa, WEB]
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-129.yaml [ghsa, WEB]
- github.com/tensorflow/tensorflow/commit/c2b31ff2d3151acb230edc3f5b1832d2c713a9e0 [ghsa, x_refsource_MISC, WEB]
- github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx [ghsa, x_refsource_CONFIRM, WEB]