CVE-2022-41901 TensorFlow is an open source platform for machine learning. An input matrix with rank 0 will fail in "SparseMatrixNNZ"
We have also updated the `tf.io.TFRecordReader` to use `tf.read_record()` in the case of a `tf.Tensor` with a shape of 0. data_reduction_contexts will now be set to None by default. This means that when creating a `tf.data_reduction.DataReductionContext` for a `tf.Tensor` with a shape of 0, the context will now look for a TFRecordsDataReduction context instead of a tf.data_reduction.DataReductionContext. In order to migrate, set data_reduction_contexts to the desired value when creating the `tf.data_reduction.DataReductionContext` for a `tf.Tensor` with a shape of 0. For backward compatibility, data_reduction_contexts will be None by default for TensorFlow 1.0.0 and lower. This ensures that users will continue to work with any version of TensorFlow. We are working on a breaking change that will make it easier to migrate to the new setup. Stay tuned for more details. TensorFlow will now raise an error if you feed a `tf.Tensor` with a shape of 0 to a `SparseTensor` or `SparseArray` operation. Currently, the issue is only triggered for `SparseTensor` and `SparseArray` operations, not for `S
Other Updates
The following updates have been made to TensorFlow:
* We have updated the `tf.io.TFRecordReader` to use `tf.read_record()` in the case of a `tf.Tensor` with a shape of 0. This means that when creating a `tf.data_reduction.DataReductionContext` for a `tf.Tensor` with a shape of 0, the context will now look for a TFRecordsDataReduction context instead of a tf.data_reduction.DataReductionContext which is the default value when creating one for any other type of tensor, including those with shapes 1, 2 and more than 2 dimensions, as well as other types we may add in future releases
* The following operations will now raise an error if you feed them with a `tf.Tensor` with a shape of 0: - SparseTensor operations - SparseArray operations
Timeline
Published on: 11/18/2022 22:15:00 UTC
Last modified on: 11/23/2022 13:41:00 UTC
References
- https://github.com/tensorflow/tensorflow/commit/f856d02e5322821aad155dad9b3acab1e9f5d693
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f
- https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/sparse/sparse_matrix.h
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41901