| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tensorflow | pip | < 2.6.4 | 2.6.4 |
| tensorflow | pip | >= 2.7.0, < 2.7.2 | 2.7.2 |
| tensorflow | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow-cpu | pip | < 2.6.4 | 2.6.4 |
| tensorflow-cpu | pip | >= 2.7.0, < 2.7.2 | 2.7.2 |
| tensorflow-cpu | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow-gpu | pip | < 2.6.4 | 2.6.4 |
| tensorflow-gpu | pip | >= 2.7.0, < 2.7.2 | 2.7.2 |
| tensorflow-gpu | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |

The vulnerability stems from missing validation of the `filter_sizes` argument in multiple implementations of the Conv3DBackpropFilter operations. Commit 174c509 adds validation checks (`OP_REQUIRES`) to three separate class templates in `conv_grad_ops_3d.cc`, which marks these as the vulnerable points. All implementations shared the same pattern: they called `filter_sizes.vec()` without first verifying that the tensor was rank 1, which would fail catastrophically with rank-0 inputs. The direct correlation between the vulnerability description, CWE-1284 (quantity validation), and the patched locations confirms these functions as vulnerable.
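
To check a dependency file against the affected ranges in the table above, the following added example (not part of the advisory or of TensorFlow) scans `==` pins in a requirements-style file. The function names and the sample input are constructed for illustration; unpinned specifiers are skipped and versions with pre-release suffixes are reported for manual review.

```python
import re

# Affected ranges from the advisory table: (inclusive lower bound or None, first patched version).
AFFECTED_RANGES = [(None, (2, 6, 4)), ((2, 7, 0), (2, 7, 2)), ((2, 8, 0), (2, 8, 1))]
AFFECTED_PACKAGES = {"tensorflow", "tensorflow-cpu", "tensorflow-gpu"}

# Matches "name==version", with optional extras such as name[extra]==version.
PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")

def normalize(name):
    """PEP 503 normalization, so 'TensorFlow_GPU' matches 'tensorflow-gpu'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_release(version):
    """Return a numeric tuple (padded to 3 parts) for plain releases, else None."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        return None  # rc/dev/post/local versions need a human decision
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * max(0, 3 - len(parts)))

def first_patched(release):
    """Return the first patched version string if release is affected, else None."""
    for low, fix in AFFECTED_RANGES:
        if (low is None or release >= low) and release < fix:
            return ".".join(map(str, fix))
    return None

def scan_requirements(text):
    """Return (line number, package, pinned version, upgrade target) per finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PIN.match(line)
        if not m or normalize(m.group(1)) not in AFFECTED_PACKAGES:
            continue
        name, version = normalize(m.group(1)), m.group(2)
        release = parse_release(version)
        if release is None:
            findings.append((lineno, name, version, "manual-review"))
        elif first_patched(release):
            findings.append((lineno, name, version, first_patched(release)))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """numpy==1.22.3
tensorflow==2.7.1
TensorFlow_GPU == 2.6.4   # already patched
tensorflow-cpu==2.5.0
tensorflow==2.8.0rc1
tensorflow>=2.8
"""

if __name__ == "__main__":
    for finding in scan_requirements(SAMPLE):
        print(finding)
```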