The issue has been tracked on GitHub at https://github.com/tensorflow/tensorflow/issues/1289. The issue description is: When an input shape is not a UTF-8 bytestring, a `CHECK` is raised by `tf.raw_ops.PyFunc`, causing the input to be rejected as invalid. We have patched this issue in TensorFlow 2.11. The fix will also be included in TensorFlow 2.10.1, 2.9.3, and 2.8.4, as these are also affected and still in the supported range. The issue has been closed.
Dependencies for the fix
The issue has been filed as a bug in TensorFlow 2.11. The fix will be included with TensorFlow 2.11, and as part of all other versions affected by this bug.
CVE-2021-42028
The issue has been tracked on GitHub at https://github.com/tensorflow/tensorflow/issues/1501. The issue description is: In TensorFlow 1.7, `tf.gradients()` incorrectly used gradients of the Givens rotation instead of the Hessian matrix when calculating Jacobian entries in some cases, which led to incorrect training and model evaluation. We have modified this behavior in TensorFlow 2.11 and will be including it in TensorFlow 2.10 as well as TF 1.8 (which is also affected).
Credit: GitHub
It has been reported that a filter error exists in the TensorFlow library. The issue is fixed in TensorFlow 2.11, but the fix will be implemented in all versions of the library.
Test Environments
This issue has been fixed in TensorFlow 2.11 and will be included in TensorFlow 2.10.1, 2.9.3, and 2.8.4, as these are also affected and still in the supported range. The fix will be included in all these versions so that users of previous versions can update to the latest version if they wish to do so.
2.11, 2.10.1, 2.9.3 and 2.8.4 also have the same issue.
The issue has been fixed in TensorFlow 2.11 and will be included in TensorFlow 2.10.1, 2.9.3, and 2.8.4, as these are also affected and still in the supported range.
Timeline
Published on: 11/18/2022 22:15:00 UTC
Last modified on: 11/23/2022 13:57:00 UTC
References
- https://github.com/tensorflow/tensorflow/commit/9f03a9d3bafe902c1e6beb105b2f24172f238645
- https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/lib/core/py_func.cc
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41908