Moderate severityNVD Advisory· Published Sep 16, 2022· Updated Apr 23, 2025

`CHECK` fail in `Save` and `SaveSlices` in TensorFlow

CVE-2022-35983

Description

TensorFlow is an open source platform for machine learning. If Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
tensorflowPyPI	< 2.7.2	2.7.2
tensorflowPyPI	>= 2.8.0, < 2.8.1	2.8.1
tensorflowPyPI	>= 2.9.0, < 2.9.1	2.9.1
tensorflow-cpuPyPI	< 2.7.2	2.7.2
tensorflow-cpuPyPI	>= 2.8.0, < 2.8.1	2.8.1
tensorflow-cpuPyPI	>= 2.9.0, < 2.9.1	2.9.1
tensorflow-gpuPyPI	< 2.7.2	2.7.2
tensorflow-gpuPyPI	>= 2.8.0, < 2.8.1	2.8.1
tensorflow-gpuPyPI	>= 2.9.0, < 2.9.1	2.9.1

Affected products

Tensorflow/Tensorflowv5
Range: < 2.7.2

Patches

5dd7b86b84a8

Fix tf.raw_ops.SaveSlices vulnerability with unsupported dtypes.

https://github.com/tensorflow/tensorflowAlan LiuJul 18, 2022via ghsa

commit

3 files changed · +38 −8

tensorflow/core/util/tensor_slice_writer.cc+11 −2 modified

@@ -131,6 +131,16 @@ Status TensorSliceWriter::Finish() {
 
 /* static */
 size_t TensorSliceWriter::MaxBytesPerElement(DataType dt) {
+  size_t max_bytes_per_element =
+      TensorSliceWriter::MaxBytesPerElementOrZero(dt);
+  if (max_bytes_per_element == 0) {
+    LOG(FATAL) << "MaxBytesPerElement not implemented for dtype: " << dt;
+  }
+  return max_bytes_per_element;
+}
+
+/* static */
+size_t TensorSliceWriter::MaxBytesPerElementOrZero(DataType dt) {
   switch (dt) {
     case DT_FLOAT:
       return 4;
@@ -170,9 +180,8 @@ size_t TensorSliceWriter::MaxBytesPerElement(DataType dt) {
     case DT_STRING:
     case DT_BFLOAT16:
     default:
-      LOG(FATAL) << "MaxBytesPerElement not implemented for dtype: " << dt;
+      return 0;
   }
-  return 0;
 }
 
 template <>

tensorflow/core/util/tensor_slice_writer.h+11 −3 modified

@@ -68,6 +68,8 @@ class TensorSliceWriter {
   static size_t MaxBytesPerElement(DataType dt);
 
  private:
+  static size_t MaxBytesPerElementOrZero(DataType dt);
+
   static constexpr size_t kMaxMessageBytes = 1LL << 31;
   // Filling in the TensorProto in a SavedSlice will add the following
   // header bytes, in addition to the data:
@@ -162,9 +164,15 @@ Status TensorSliceWriter::Add(const string& name, const TensorShape& shape,
 template <typename T>
 Status TensorSliceWriter::SaveData(const T* data, int64_t num_elements,
                                    SavedSlice* ss) {
-  size_t size_bound =
-      ss->ByteSize() + kTensorProtoHeaderBytes +
-      (MaxBytesPerElement(DataTypeToEnum<T>::value) * num_elements);
+  size_t max_bytes_per_element =
+      MaxBytesPerElementOrZero(DataTypeToEnum<T>::value);
+  if (max_bytes_per_element == 0) {
+    return errors::InvalidArgument(
+        "Tensor slice serialization not implemented for dtype ",
+        DataTypeToEnum<T>::value);
+  }
+  size_t size_bound = ss->ByteSize() + kTensorProtoHeaderBytes +
+                      (max_bytes_per_element * num_elements);
   if (size_bound > kMaxMessageBytes) {
     return errors::InvalidArgument(
         "Tensor slice is too large to serialize (conservative estimate: ",

tensorflow/core/util/tensor_slice_writer_test.cc+16 −3 modified

@@ -15,17 +15,19 @@ limitations under the License.
 
 #include "tensorflow/core/util/tensor_slice_writer.h"
 
+#include <algorithm>
 #include <array>
+#include <memory>
+#include <vector>
 
 #include "tensorflow/core/framework/tensor_shape.pb.h"
 #include "tensorflow/core/framework/versions.pb.h"
 #include "tensorflow/core/lib/core/status_test_util.h"
-#include "tensorflow/core/lib/core/stringpiece.h"
-#include "tensorflow/core/lib/io/path.h"
-#include "tensorflow/core/lib/strings/str_util.h"
 #include "tensorflow/core/platform/logging.h"
+#include "tensorflow/core/platform/path.h"
 #include "tensorflow/core/platform/protobuf.h"
 #include "tensorflow/core/platform/test.h"
+#include "tensorflow/core/protobuf/error_codes.pb.h"
 #include "tensorflow/core/public/version.h"
 #include "tensorflow/core/util/saved_tensor_slice_util.h"
 #include "tensorflow/core/util/tensor_slice_reader.h"
@@ -362,6 +364,17 @@ TEST(TensorSliceWriteTest, SizeErrors) {
   }
 }
 
+TEST(TensorSliceWriterTest, InvalidInput) {
+  SavedSlice ss;
+  std::array<uint32_t, 1> data;
+  std::fill(data.begin(), data.end(), 1234);
+  Status s = TensorSliceWriter::SaveData(data.data(), data.size(), &ss);
+  EXPECT_EQ(s.code(), error::INVALID_ARGUMENT);
+  EXPECT_TRUE(absl::StrContains(
+      s.error_message(),
+      "Tensor slice serialization not implemented for dtype"));
+}
+
 }  // namespace checkpoint
 
 }  // namespace tensorflow

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-m6vp-8q9j-whx4ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-35983ghsaADVISORY
github.com/tensorflow/tensorflow/commit/5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4ghsax_refsource_MISCWEB
github.com/tensorflow/tensorflow/releases/tag/v2.10.0ghsaWEB
github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4ghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000