Moderate severityNVD Advisory· Published Sep 16, 2022· Updated Apr 23, 2025
`CHECK` failures in `AvgPool3DGrad` in TensorFlow
CVE-2022-35959
Description
TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input orig_input_shape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.7.2 | 2.7.2 |
tensorflowPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflowPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
tensorflow-cpuPyPI | < 2.7.2 | 2.7.2 |
tensorflow-cpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-cpuPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
tensorflow-gpuPyPI | < 2.7.2 | 2.7.2 |
tensorflow-gpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-gpuPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
Affected products
1- Range: < 2.7.2
Patches
19178ac9d6389Fix security vulnerability with AvgPool3DGrad.
5 files changed · +33 −2
tensorflow/compiler/tf2xla/BUILD+1 −0 modified@@ -403,6 +403,7 @@ cc_library( "//tensorflow/compiler/xla/client:xla_builder", "//tensorflow/compiler/xla/client:xla_computation", "//tensorflow/compiler/xla/service:hlo", + "//tensorflow/core/util:overflow", "//tensorflow/core:core_cpu", "//tensorflow/core:core_cpu_internal", "//tensorflow/core:framework",
tensorflow/compiler/tf2xla/xla_op_kernel.cc+11 −0 modified@@ -30,6 +30,7 @@ limitations under the License. #include "tensorflow/compiler/xla/status_macros.h" #include "tensorflow/core/common_runtime/dma_helper.h" #include "tensorflow/core/platform/errors.h" +#include "tensorflow/core/util/overflow.h" namespace tensorflow { @@ -443,6 +444,16 @@ Status XlaOpKernelContext::ConstantInputAsShape(int index, TensorShape* shape, TF_RETURN_IF_ERROR(ConstantInput(index, &literal, mode)); std::vector<int64_t> dims; TF_RETURN_IF_ERROR(LiteralToInt64Vector(literal, &dims)); + + int64_t num_elements = 1; + for (auto i = dims.begin(); i != dims.end(); ++i) { + num_elements = MultiplyWithoutOverflow(num_elements, *i); + if (num_elements < 0) + return errors::InvalidArgument( + "The total elements specified by orig_input_shape is too large.", + "Encountered overflow after multiplying", *i, + ", result: ", num_elements); + } *shape = TensorShape(dims); return OkStatus(); }
tensorflow/core/kernels/pooling_ops_3d.cc+1 −1 modified@@ -523,7 +523,7 @@ class AvgPooling3dGradOp : public OpKernel { TensorShape output_shape; auto shape_vec = tensor_in_shape.vec<int32>(); for (int64_t i = 0; i < tensor_in_shape.NumElements(); ++i) { - output_shape.AddDim(shape_vec(i)); + OP_REQUIRES_OK(context, output_shape.AddDimWithStatus(shape_vec(i))); } Tensor* output;
tensorflow/python/kernel_tests/nn_ops/BUILD+1 −0 modified@@ -500,6 +500,7 @@ cuda_py_test( srcs = ["pooling_ops_3d_test.py"], deps = [ "//tensorflow/python:client_testlib", + "//tensorflow/python:dtypes", "//tensorflow/python:framework_for_generated_wrappers", "//tensorflow/python:nn_grad", "//tensorflow/python:nn_ops",
tensorflow/python/kernel_tests/nn_ops/pooling_ops_3d_test.py+19 −1 modified@@ -18,6 +18,7 @@ from tensorflow.python.eager import context from tensorflow.python.framework import constant_op +from tensorflow.python.framework import dtypes from tensorflow.python.framework import errors from tensorflow.python.framework import errors_impl from tensorflow.python.framework import test_util @@ -67,7 +68,7 @@ def _VerifyOneTest(self, pool_func, input_sizes, window, strides, padding, # Initializes the input tensor with array containing incrementing # numbers from 1. x = [f * 1.0 for f in range(1, total_size + 1)] - with self.cached_session(use_gpu=use_gpu) as sess: + with self.cached_session(use_gpu=use_gpu): t = constant_op.constant(x, shape=input_sizes) window = [1] + list(window) + [1] strides = [1] + list(strides) + [1] @@ -124,6 +125,23 @@ def testAvgPool3dSamePaddingDifferentStrides(self): padding="SAME", expected=expected_output) + def testMaxPool3dGrad(self): + with self.assertRaises( + (errors.ResourceExhaustedError, errors.InvalidArgumentError)): + with self.cached_session(): + orig_input_shape = constant_op.constant( + 1879048192, shape=[5], dtype=dtypes.int32) + grad = constant_op.constant( + 1, shape=[1, 3, 2, 4, 2], dtype=dtypes.float32) + t = gen_nn_ops.AvgPool3DGrad( + orig_input_shape=orig_input_shape, + grad=grad, + ksize=[1, 1, 1, 1, 1], + strides=[1, 1, 1, 1, 1], + padding="SAME", + data_format="NDHWC") + self.evaluate(t) + def testMaxPool3dValidPadding(self): expected_output = [40.0, 41.0, 42.0] self._VerifyValues(
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-wxjj-cgcx-r3vqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-35959ghsaADVISORY
- github.com/tensorflow/tensorflow/commit/9178ac9d6389bdc54638ab913ea0e419234d14ebghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.10.0ghsaWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vqghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.