`CHECK`-fails when building invalid tensor shapes in TensorFlow
Description
Multiple TensorFlow operations can trigger CHECK-fails causing denial of service; fixed in versions 2.8.0, 2.7.1, 2.6.3, and 2.5.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Multiple operations in TensorFlow, an open-source machine learning framework, contain code paths that can end in a `CHECK`-fail (a failed assertion that aborts the process), leading to a denial-of-service condition [1]. This issue is similar to TFSA-2021-198 and affects TensorFlow versions before 2.8.0; the fixed releases 2.7.1, 2.6.3, and 2.5.3 cover the release lines still within the supported range [1]. The vulnerabilities exist in various operations where insufficient input validation or boundary checks can cause the program to abort via an assertion failure [1].
Exploitation
An attacker can trigger a denial-of-service by providing crafted input to one of the affected TensorFlow operations [1]. No authentication or privileged network position is required if the attacker can supply data to a TensorFlow model or processing pipeline (e.g., via a publicly accessible serving endpoint) [1]. The specific sequence of steps depends on the operation invoked, but generally involves submitting malicious data that causes a CHECK failure, aborting the process [1].
Impact
Successful exploitation causes the TensorFlow process to terminate due to an assertion failure (CHECK-fail), resulting in a denial-of-service condition [1]. The impact is limited to availability; the attacker does not gain code execution, privilege escalation, or data exfiltration, but can repeatedly crash the service [1].
Mitigation
The fix is included in TensorFlow version 2.8.0, released February 2022 [1]. It was also cherry-picked to versions 2.7.1, 2.6.3, and 2.5.3 [1]. Users should upgrade to a fixed version or apply the appropriate GitHub commit patches [1]. No workarounds are detailed in the available references.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
| tensorflow-cpu (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow-cpu (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-cpu (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
| tensorflow-gpu (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow-gpu (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-gpu (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
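
The ranges in the table above can be checked against exact pins in a requirements file. The following is an added example, not code from the advisory or from TensorFlow; the sample input is constructed, and reporting a pre-release of a patched version as affected is an assumption made here.

```python
import re

# Affected ranges from the table above: (first affected, first patched).
# A lower bound of None means every release below the patched one.
RANGES = [(None, (2, 5, 3)), ((2, 6, 0), (2, 6, 3)), ((2, 7, 0), (2, 7, 1))]
PACKAGES = {"tensorflow", "tensorflow-cpu", "tensorflow-gpu"}
# Exact pins only: name==X.Y[.Z] with an optional pre-release suffix.
PIN = re.compile(
    r"^\s*([A-Za-z0-9._-]+)\s*==\s*((\d+)\.(\d+)(?:\.(\d+))?((?:a|b|rc|\.dev)\d*)?)")

def patched_version(release, is_pre=False):
    """Return the patched release for an affected version, else None."""
    for low, fixed in RANGES:
        in_range = (low is None or release >= low) and release < fixed
        # Assumption: a pre-release of a patched version (e.g. 2.7.1rc0)
        # may predate the fix, so it is reported as affected.
        if in_range or (is_pre and release == fixed):
            return fixed
    return None

def audit_requirements(text):
    """Return (package, pinned, upgrade_to) for each affected exact pin."""
    findings = []
    for line in text.splitlines():
        m = PIN.match(line.split("#", 1)[0])  # ignore trailing comments
        # PEP 503 name normalisation, so Tensorflow_GPU == tensorflow-gpu.
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower() if m else None
        if name not in PACKAGES:
            continue
        release = (int(m.group(3)), int(m.group(4)), int(m.group(5) or 0))
        fixed = patched_version(release, is_pre=bool(m.group(6)))
        if fixed:
            findings.append((name, m.group(2), ".".join(map(str, fixed))))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
numpy==1.21.5
tensorflow==2.6.2        # inside the 2.6 range
tensorflow-cpu==2.7.1    # patched release
Tensorflow_GPU==2.4.0    # below 2.5.3
tensorflow==2.7.1rc0     # pre-release of a patched version
tensorflow==2.8.0
"""

if __name__ == "__main__":
    for name, pinned, fixed in audit_requirements(SAMPLE):
        print(f"{name}=={pinned} is affected; upgrade to {fixed} or later")
```

Only `==` pins are evaluated; range specifiers such as `>=` are skipped and need a resolved lock file or the installed version to be checked instead.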
References
- github.com/advisories/GHSA-qj5r-f9mv-rffh (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-23569 (ghsa, ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-78.yaml (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-133.yaml (ghsa, WEB)
- github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md (ghsa, x_refsource_MISC, WEB)
- github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh (ghsa, x_refsource_CONFIRM, WEB)