Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2`
Description
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The code assumes num_segments is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a CHECK-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.6.4 | 2.6.4 |
tensorflowPyPI | >= 2.7.0, < 2.7.2 | 2.7.2 |
tensorflowPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-cpuPyPI | < 2.6.4 | 2.6.4 |
tensorflow-cpuPyPI | >= 2.7.0, < 2.7.2 | 2.7.2 |
tensorflow-cpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-gpuPyPI | < 2.6.4 | 2.6.4 |
tensorflow-gpuPyPI | >= 2.7.0, < 2.7.2 | 2.7.2 |
tensorflow-gpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
Affected products
1- Range: < 2.6.4
Patches
220cb18724b0bAllow 0 for number of segments in `unsorted_segment_join_op.cc`
1 file changed · +4 −2
tensorflow/core/kernels/unsorted_segment_join_op.cc+4 −2 modified@@ -94,8 +94,10 @@ class UnsortedSegmentJoinOp : public OpKernel { errors::InvalidArgument("Number of segments cannot be empty.")); auto num_segments = num_segments_tensor.scalar<NUM_SEGMENTS_TYPE>()(); - OP_REQUIRES(context, num_segments > 0, - errors::InvalidArgument("Number of segments must be positive")); + OP_REQUIRES( + context, num_segments >= 0, + errors::InvalidArgument( + "Number of segments must be non-negative but got ", num_segments)); OP_REQUIRES(context, segment_dims != 0, errors::InvalidArgument("Segment_id cannot have rank 0"));
84563f265f28Validate `num_segments > 0` in `unsorted_segment_join`
1 file changed · +2 −0
tensorflow/core/kernels/unsorted_segment_join_op.cc+2 −0 modified@@ -94,6 +94,8 @@ class UnsortedSegmentJoinOp : public OpKernel { errors::InvalidArgument("Number of segments cannot be empty.")); auto num_segments = num_segments_tensor.scalar<NUM_SEGMENTS_TYPE>()(); + OP_REQUIRES(context, num_segments > 0, + errors::InvalidArgument("Number of segments must be positive")); OP_REQUIRES(context, segment_dims != 0, errors::InvalidArgument("Segment_id cannot have rank 0"));
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
11- github.com/advisories/GHSA-hx9q-2mx4-m4pgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-29204ghsaADVISORY
- github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.ccghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.mdghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/commit/20cb18724b0bf6c09071a3f53434c4eec53cc147ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/commit/84563f265f28b3c36a15335c8b005d405260e943ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.6.4ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.7.2ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.8.1ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.9.0ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-hx9q-2mx4-m4pgghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.