GMS-2022-1532: `CHECK` failure in depthwise ops via overflows

May 25, 2022

Impact

The implementation of depthwise ops in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor.

References

github.com/advisories/GHSA-mw6j-hh29-h379
github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md
github.com/tensorflow/tensorflow/commit/3796cc4fcd93ae55812a457abc96dcd55fbb854b
github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379

Code Behaviors & Features

Detect and mitigate GMS-2022-1532 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →