Moderate severityNVD Advisory· Published Sep 16, 2022· Updated Apr 23, 2025

`CHECK` fail in `FakeQuantWithMinMaxVarsGradient` in TensorFlow

CVE-2022-36005

Description

TensorFlow is an open source platform for machine learning. When tf.quantization.fake_quant_with_min_max_vars_gradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
tensorflowPyPI	< 2.7.2	2.7.2
tensorflowPyPI	>= 2.8.0, < 2.8.1	2.8.1
tensorflowPyPI	>= 2.9.0, < 2.9.1	2.9.1
tensorflow-cpuPyPI	< 2.7.2	2.7.2
tensorflow-cpuPyPI	>= 2.8.0, < 2.8.1	2.8.1
tensorflow-cpuPyPI	>= 2.9.0, < 2.9.1	2.9.1
tensorflow-gpuPyPI	< 2.7.2	2.7.2
tensorflow-gpuPyPI	>= 2.8.0, < 2.8.1	2.8.1
tensorflow-gpuPyPI	>= 2.9.0, < 2.9.1	2.9.1

Affected products

Tensorflow/Tensorflowv5
Range: < 2.7.2

Patches

f3cf67ac5705

Add IsScalar / IsVector (rank) checks to input min/max tensors for FakeQuantWithMinMaxVarsPerChannelGradientOp and FakeQuantWithMinMaxVarsGradientOp.

https://github.com/tensorflow/tensorflowA. Unique TensorFlowerJul 22, 2022via ghsa

commit

2 files changed · +80 −4

tensorflow/core/kernels/fake_quant_ops.cc+12 −0 modified

@@ -261,6 +261,12 @@ class FakeQuantWithMinMaxVarsGradientOp : public OpKernel {
                 InvalidArgument("gradient and input must be the same size"));
     const Tensor& min = context->input(2);
     const Tensor& max = context->input(3);
+    OP_REQUIRES(
+        context, TensorShapeUtils::IsScalar(min.shape()),
+        InvalidArgument("`min` must be rank 0 but is rank ", min.dims()));
+    OP_REQUIRES(
+        context, TensorShapeUtils::IsScalar(max.shape()),
+        InvalidArgument("`max` must be rank 0 but is rank ", max.dims()));
 
     Tensor* grad_wrt_input;
     OP_REQUIRES_OK(context,
@@ -414,10 +420,16 @@ class FakeQuantWithMinMaxVarsPerChannelGradientOp : public OpKernel {
                 InvalidArgument("gradient and input must be the same size"));
     const int depth = input.dim_size(input.dims() - 1);  // last dimension size.
     const Tensor& min = context->input(2);
+    OP_REQUIRES(
+        context, TensorShapeUtils::IsVector(min.shape()),
+        InvalidArgument("`min` must be rank 1 but is rank ", min.dims()));
     OP_REQUIRES(context, min.dim_size(0) == depth,
                 InvalidArgument("min has incorrect size, expected ", depth,
                                 " was ", min.dim_size(0)));
     const Tensor& max = context->input(3);
+    OP_REQUIRES(
+        context, TensorShapeUtils::IsVector(max.shape()),
+        InvalidArgument("`max` must be rank 1 but is rank ", max.dims()));
     OP_REQUIRES(context, max.dim_size(0) == depth,
                 InvalidArgument("max has incorrect size, expected ", depth,
                                 " was ", max.dim_size(0)));

tensorflow/python/kernel_tests/quantization_ops/quantization_ops_test.py+68 −4 modified

@@ -77,6 +77,71 @@ def test_invalid_inputs(self):
               inputs=inputs, min=[0.0], max=[1.0, 1.1]))
 
 
+class FakeQuantWithMinMaxVarsGradientOpTest(test_util.TensorFlowTestCase):
+
+  @test_util.run_in_graph_and_eager_modes
+  def test_invalid_inputs(self):
+    gradients = constant_op.constant(
+        value=[[1.0], [2.0], [4.0]], dtype=dtypes.float32)
+    inputs = constant_op.constant(
+        value=[[1.0], [2.0], [4.0]], dtype=dtypes.float32)
+
+    with self.assertRaisesRegex((ValueError, errors.InvalidArgumentError),
+                                "must be equal rank|must be rank 0"):
+      self.evaluate(
+          array_ops.fake_quant_with_min_max_vars_gradient(
+              gradients=gradients,
+              inputs=inputs,
+              min=0.0,
+              max=[[1.0], [2.0], [4.0]]))
+
+    with self.assertRaisesRegex((ValueError, errors.InvalidArgumentError),
+                                "must be rank 0"):
+      self.evaluate(
+          array_ops.fake_quant_with_min_max_vars_gradient(
+              gradients=gradients,
+              inputs=inputs,
+              min=[[1.0], [2.0], [4.0]],
+              max=[[1.0], [2.0], [4.0]]))
+
+
+class FakeQuantWithMinMaxVarsPerChannelGradientOpTest(
+    test_util.TensorFlowTestCase):
+
+  @test_util.run_in_graph_and_eager_modes
+  def test_invalid_inputs(self):
+    gradients = constant_op.constant(
+        value=[[1.0], [2.0], [4.0]], dtype=dtypes.float32)
+    inputs = constant_op.constant(
+        value=[[1.0], [2.0], [4.0]], dtype=dtypes.float32)
+
+    with self.assertRaisesRegex((ValueError, errors.InvalidArgumentError),
+                                "Shapes must be equal rank|must be rank 1"):
+      self.evaluate(
+          array_ops.fake_quant_with_min_max_vars_per_channel_gradient(
+              gradients=gradients, inputs=inputs, min=[[0.0]], max=[1.0]))
+
+    with self.assertRaisesRegex(
+        (ValueError, errors.InvalidArgumentError),
+        "Dimension 0 in both shapes must be equal|incorrect size"):
+      self.evaluate(
+          array_ops.fake_quant_with_min_max_vars_per_channel_gradient(
+              gradients=gradients, inputs=inputs, min=[0.0, 0.1], max=[1.0]))
+
+    with self.assertRaisesRegex((ValueError, errors.InvalidArgumentError),
+                                "Shapes must be equal rank|must be rank 1"):
+      self.evaluate(
+          array_ops.fake_quant_with_min_max_vars_per_channel_gradient(
+              gradients=gradients, inputs=inputs, min=[1.0], max=[[1.0]]))
+
+    with self.assertRaisesRegex(
+        (ValueError, errors.InvalidArgumentError),
+        "Dimension 0 in both shapes must be equal|incorrect size"):
+      self.evaluate(
+          array_ops.fake_quant_with_min_max_vars_per_channel_gradient(
+              gradients=gradients, inputs=inputs, min=[0.0], max=[1.0, 1.1]))
+
+
 class QuantizedBiasedAddTest(test_util.TensorFlowTestCase):
 
   @test_util.run_in_graph_and_eager_modes
@@ -337,10 +402,9 @@ def test_invalid_inputs(self):
     with self.assertRaisesRegex((ValueError, errors.InvalidArgumentError),
                                 "must be rank 0"):
       self.evaluate(
-          math_ops.quantize_down_and_shrink_range(input=inputs,
-                                                  input_min=[],
-                                                  input_max=4.0,
-                                                  out_type=dtypes.quint8))
+          math_ops.quantize_down_and_shrink_range(
+              input=inputs, input_min=[], input_max=4.0,
+              out_type=dtypes.quint8))
 
 
 if __name__ == "__main__":

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-r26c-679w-mrjmghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-36005ghsaADVISORY
github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feedghsax_refsource_MISCWEB
github.com/tensorflow/tensorflow/releases/tag/v2.10.0ghsaWEB
github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjmghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000