Moderate severity · NVD Advisory · Published May 20, 2022 · Updated Apr 22, 2025
Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2`
CVE-2022-29196
Description
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate that the `filter_sizes` argument is a vector. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | < 2.6.4 | 2.6.4 |
| tensorflow (PyPI) | >= 2.7.0, < 2.7.2 | 2.7.2 |
| tensorflow (PyPI) | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow-cpu (PyPI) | < 2.6.4 | 2.6.4 |
| tensorflow-cpu (PyPI) | >= 2.7.0, < 2.7.2 | 2.7.2 |
| tensorflow-cpu (PyPI) | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow-gpu (PyPI) | < 2.6.4 | 2.6.4 |
| tensorflow-gpu (PyPI) | >= 2.7.0, < 2.7.2 | 2.7.2 |
| tensorflow-gpu (PyPI) | >= 2.8.0, < 2.8.1 | 2.8.1 |
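A check of pinned requirements against the ranges in the table above, as an added example that is not part of the advisory or of the TensorFlow project. The function names, the sample requirements text, and the decision to skip unpinned specifiers and ignore pre-release suffixes are assumptions.

```python
import re

# Affected ranges from the table above: (inclusive lower bound or None,
# exclusive upper bound, which is also the first patched release).
AFFECTED_RANGES = [(None, (2, 6, 4)), ((2, 7, 0), (2, 7, 2)), ((2, 8, 0), (2, 8, 1))]
PACKAGES = {"tensorflow", "tensorflow-cpu", "tensorflow-gpu"}
# Exact pins only, e.g. "tensorflow==2.7.1"; a suffix such as "rc1" is ignored (assumption).
PIN_RE = re.compile(r"^([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)")

def parse_version(text):
    """Return a 3-tuple of ints; missing components default to 0."""
    parts = [int(p) for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def fixed_version(version):
    """Return the patched release for an affected version, or None if unaffected."""
    for low, high in AFFECTED_RANGES:
        if (low is None or version >= low) and version < high:
            return ".".join(map(str, high))
    return None

def audit_requirements(text):
    """Return (package, pinned_version, upgrade_to) for each pin in an affected range."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        match = PIN_RE.match(line)
        if not match:
            continue  # unpinned, blank, or not a requirement line
        name = match.group(1).lower().replace("_", "-")
        if name not in PACKAGES:
            continue
        upgrade = fixed_version(parse_version(match.group(2)))
        if upgrade:
            findings.append((name, match.group(2), upgrade))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
numpy==1.22.3
tensorflow==2.7.1        # inside >= 2.7.0, < 2.7.2
tensorflow-gpu==2.8.1    # patched
tensorflow_cpu==2.5.0    # inside < 2.6.4
tensorflow==2.9.0
"""

if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE):
        print(finding)
```

Requirements that use ranges instead of exact pins are not evaluated here; resolve them to installed versions first and pass those in.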
Affected products
- Range: < 2.6.4
Patches
- 174c5096f303: Fix failed check in Conv3DBackpropFilterV2.
2 files changed · +30 −0
tensorflow/core/kernels/conv_grad_ops_3d.cc+12 −0 modified@@ -741,6 +741,10 @@ class Conv3DBackpropFilterOp : public OpKernel { TensorShape filter_shape; if (takes_shape_) { const Tensor& filter_sizes = context->input(1); + OP_REQUIRES(context, TensorShapeUtils::IsVector(filter_sizes.shape()), + errors::InvalidArgument( + "filter_sizes shape must be rank 1 but is rank ", + filter_sizes.shape().dims())); OP_REQUIRES_OK(context, TensorShapeUtils::MakeShape( filter_sizes.vec<int32>(), &filter_shape)); } else { @@ -875,6 +879,10 @@ class Conv3DCustomBackpropFilterOp : public OpKernel { TensorShape filter_shape; if (takes_shape_) { const Tensor& filter_sizes = context->input(1); + OP_REQUIRES(context, TensorShapeUtils::IsVector(filter_sizes.shape()), + errors::InvalidArgument( + "filter_sizes shape must be rank 1 but is rank ", + filter_sizes.shape().dims())); OP_REQUIRES_OK(context, TensorShapeUtils::MakeShape( filter_sizes.vec<int32>(), &filter_shape)); } else { @@ -1638,6 +1646,10 @@ class Conv3DBackpropFilterOp<GPUDevice, T> : public OpKernel { TensorShape filter_shape; if (takes_shape_) { const Tensor& filter_sizes = context->input(1); + OP_REQUIRES(context, TensorShapeUtils::IsVector(filter_sizes.shape()), + errors::InvalidArgument( + "filter_sizes shape must be rank 1 but is rank ", + filter_sizes.shape().dims())); OP_REQUIRES_OK(context, tensor::MakeShape(filter_sizes, &filter_shape)); } else { filter_shape = context->input(1).shape();
tensorflow/python/kernel_tests/nn_ops/conv3d_backprop_filter_v2_grad_test.py+18 −0 modified@@ -18,6 +18,7 @@ from tensorflow.python.framework import constant_op from tensorflow.python.framework import dtypes +from tensorflow.python.framework import errors from tensorflow.python.framework import test_util from tensorflow.python.ops import array_ops from tensorflow.python.ops import gradient_checker @@ -58,6 +59,23 @@ def testGradient(self): err_tolerance = 1e-3 self.assertLess(err, err_tolerance) + def testBadFilterShape(self): + strides = [1, 1, 1, 1, 1] + padding = "VALID" + tin = constant_op.constant( + .5053710941, shape=[2, 2, 2, 2, 1], dtype=dtypes.float32) + filter_sizes = constant_op.constant(0, shape=[], dtype=dtypes.int32) + out_backprop = constant_op.constant( + .5053710941, shape=[2, 2, 2, 2, 1], dtype=dtypes.float32) + + with self.assertRaisesRegex((ValueError, errors.InvalidArgumentError), + "must be rank 1"): + nn_ops.conv3d_backprop_filter_v2( + input=tin, + filter_sizes=filter_sizes, + out_backprop=out_backprop, + strides=strides, + padding=padding) if __name__ == "__main__": test.main()
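Review bot: The same four-line OP_REQUIRES rank check is pasted into all three kernels in conv_grad_ops_3d.cc (Conv3DBackpropFilterOp, Conv3DCustomBackpropFilterOp and the GPUDevice specialization), so a later kernel that reads filter_sizes can miss it again. Suggest moving the check and the MakeShape call into one shared helper that each takes_shape_ branch calls. The added check also constrains only the rank: the visible lines pass filter_sizes.vec<int32>() to MakeShape without checking the element count, and a Conv3D filter shape has five dimensions, so consider requiring five elements at the same point unless later code already does.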
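Review bot: testBadFilterShape in conv3d_backprop_filter_v2_grad_test.py only passes a scalar filter_sizes (shape=[]), so the new IsVector check is exercised for rank 0 alone. Suggest adding a case with a rank-2 filter_sizes that expects the same "must be rank 1" message. The patch touches three kernels but the test makes a single call to nn_ops.conv3d_backprop_filter_v2, so it is worth stating which kernel that call reaches and adding coverage for the others where the test environment allows it.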
References
- github.com/advisories/GHSA-5v77-j66x-4c4g [ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2022-29196 [ADVISORY]
- github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/conv_grad_ops_3d.cc [WEB, x_refsource_MISC]
- github.com/tensorflow/tensorflow/commit/174c5096f303d5be7ed2ca2662b08371bff4ab88 [WEB, x_refsource_MISC]
- github.com/tensorflow/tensorflow/releases/tag/v2.6.4 [WEB, x_refsource_MISC]
- github.com/tensorflow/tensorflow/releases/tag/v2.7.2 [WEB, x_refsource_MISC]
- github.com/tensorflow/tensorflow/releases/tag/v2.8.1 [WEB, x_refsource_MISC]
- github.com/tensorflow/tensorflow/releases/tag/v2.9.0 [WEB, x_refsource_MISC]
- github.com/tensorflow/tensorflow/security/advisories/GHSA-5v77-j66x-4c4g [WEB, x_refsource_CONFIRM]