VYPR
← All advisories
Moderate severityNVD Advisory· Published May 20, 2022· Updated Apr 22, 2025

Missing validation causes `TensorSummaryV2` in TensorFlow to crash

CVE-2022-29193

Description

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
tensorflowPyPI
< 2.6.42.6.4
tensorflowPyPI
>= 2.7.0, < 2.7.22.7.2
tensorflowPyPI
>= 2.8.0, < 2.8.12.8.1
tensorflow-cpuPyPI
< 2.6.42.6.4
tensorflow-cpuPyPI
>= 2.7.0, < 2.7.22.7.2
tensorflow-cpuPyPI
>= 2.8.0, < 2.8.12.8.1
tensorflow-gpuPyPI
< 2.6.42.6.4
tensorflow-gpuPyPI
>= 2.7.0, < 2.7.22.7.2
tensorflow-gpuPyPI
>= 2.8.0, < 2.8.12.8.1

Affected products

1

Patches

1
290bb05c80c3

Fix tf.raw_ops.TensorSummaryV2 vulnerability with invalid serialized_summary_metadata.

https://github.com/tensorflow/tensorflowAlan LiuApr 28, 2022via ghsa
commit
1 file changed · +4 0
  • tensorflow/core/kernels/summary_tensor_op.cc+4 0 modified
    @@ -36,6 +36,10 @@ class SummaryTensorOpV2 : public OpKernel {
                 errors::InvalidArgument("tag must be scalar"));
     const Tensor& tensor = c->input(1);
     const Tensor& serialized_summary_metadata_tensor = c->input(2);
+    OP_REQUIRES(
+        c,
+        TensorShapeUtils::IsScalar(serialized_summary_metadata_tensor.shape()),
+        errors::InvalidArgument("serialized_summary_metadata must be scalar"));
 
     Summary s;
     Summary::Value* v = s.add_value();

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

9

News mentions

0

No linked articles in our index yet.