Moderate severityNVD Advisory· Published Sep 16, 2022· Updated Apr 23, 2025
`CHECK` failures in `FractionalAvgPoolGrad` in TensorFlow
CVE-2022-35963
Description
TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input orig_input_tensor_shape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.7.2 | 2.7.2 |
tensorflowPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflowPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
tensorflow-cpuPyPI | < 2.7.2 | 2.7.2 |
tensorflow-cpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-cpuPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
tensorflow-gpuPyPI | < 2.7.2 | 2.7.2 |
tensorflow-gpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-gpuPyPI | >= 2.9.0, < 2.9.1 | 2.9.1 |
Affected products
1- Range: < 2.7.2
Patches
103a659d7be9aFix security vulnerability with FractionalAvgPoolGrad
2 files changed · +49 −2
tensorflow/core/kernels/fractional_avg_pool_op.cc+28 −2 modified@@ -12,22 +12,23 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ==============================================================================*/ + #define EIGEN_USE_THREADS #include <algorithm> #include <cmath> #include <random> #include <vector> -#include "tensorflow/core/kernels/fractional_pool_common.h" - #include "third_party/eigen3/unsupported/Eigen/CXX11/Tensor" #include "tensorflow/core/framework/numeric_op.h" #include "tensorflow/core/framework/op_kernel.h" +#include "tensorflow/core/kernels/fractional_pool_common.h" #include "tensorflow/core/lib/random/random.h" #include "tensorflow/core/platform/logging.h" #include "tensorflow/core/platform/mutex.h" #include "tensorflow/core/util/guarded_philox_random.h" +#include "tensorflow/core/util/overflow.h" namespace tensorflow { typedef Eigen::ThreadPoolDevice CPUDevice; @@ -241,7 +242,32 @@ class FractionalAvgPoolGradOp : public OpKernel { orig_input_tensor_shape.NumElements() == 4, errors::InvalidArgument("original input tensor shape must be" "1-dimensional and 4 elements")); + int64_t num_elements = 1; + for (int i = 0; i < orig_input_tensor_shape.dims(); i++) { + OP_REQUIRES(context, orig_input_tensor_shape.dim_size(i) > 0, + errors::InvalidArgument( + "orig_input_tensor_shape must be positive, got: ", + orig_input_tensor_shape.dim_size(i))); + num_elements = MultiplyWithoutOverflow( + num_elements, orig_input_tensor_shape.dim_size(i)); + OP_REQUIRES( + context, num_elements > 0, + errors::InvalidArgument( + "The total elements specified by orig_input_tensor_shape", + " is too large. Encountered overflow after multiplying ", + orig_input_tensor_shape.dim_size(i), ", result: ", num_elements)); + } + const Tensor& out_backprop = context->input(1); + OP_REQUIRES(context, out_backprop.dims() == 4, + errors::InvalidArgument("out_backprop must be 4-dimensional")); + for (int i = 0; i < out_backprop.dims(); i++) { + OP_REQUIRES(context, out_backprop.dim_size(i) > 0, + errors::InvalidArgument( + "out_backprop must be positive for all dimension, got:", + out_backprop.dim_size(i))); + } + const Tensor& row_seq_tensor = context->input(2); const Tensor& col_seq_tensor = context->input(3);
tensorflow/python/kernel_tests/nn_ops/fractional_avg_pool_op_test.py+21 −0 modified@@ -541,6 +541,27 @@ def testLargePoolingRatioThroughGradientError(self): delta=1e-2) self.assertLess(gradient_error, error_margin) + def testInvalidSeqRaiseErrorForFractionalAvgPoolGrad(self): + with self.assertRaises((errors.InvalidArgumentError, ValueError)): + with self.cached_session() as _: + overlapping = True + orig_input_tensor_shape = constant_op.constant( + -1879048192, shape=[4], dtype=dtypes.int64) + out_backprop = constant_op.constant([], + shape=[0, 0, 0, 0], + dtype=dtypes.float64) + row_pooling_sequence = constant_op.constant( + 1, shape=[4], dtype=dtypes.int64) + col_pooling_sequence = constant_op.constant( + 1, shape=[4], dtype=dtypes.int64) + t = gen_nn_ops.fractional_avg_pool_grad( + orig_input_tensor_shape=orig_input_tensor_shape, + out_backprop=out_backprop, + row_pooling_sequence=row_pooling_sequence, + col_pooling_sequence=col_pooling_sequence, + overlapping=overlapping) + self.evaluate(t) + if __name__ == "__main__": test.main()
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-84jm-4cf3-9jfmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-35963ghsaADVISORY
- github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dadghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.10.0ghsaWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfmghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.