CVE-2022-29209
Type confusion leading to `CHECK`-failure based denial of service in TensorFlow
Description
### Impact The [macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.)](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/platform/default/logging.h) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. ### Patches We have patched the issue in GitHub commit [b917181c29b50cb83399ba41f4d938dc369109a1](https://github.com/tensorflow/tensorflow/commit/b917181c29b50cb83399ba41f4d938dc369109a1) (merging GitHub PR [#55730](https://github.com/tensorflow/tensorflow/pull/55730)). The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. ### Attribution This vulnerability has been reported externally via a [GitHub issue](https://github.com/tensorflow/tensorflow/issues/55530).
How to fix CVE-2022-29209
To remediate CVE-2022-29209, upgrade the affected package to a fixed version below.
- —upgrade to 2.6.4 or later
- —upgrade to 2.6.4 or later
- —upgrade to 2.6.4 or later
- —upgrade to 2.6.4 or later
Is CVE-2022-29209 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.