PYSEC-2026-981
Out of bounds write in grappler in Tensorflow
Details
### Impact The function [MakeGrapplerFunctionItem](https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221) takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered.
### Patches We have patched the issue in GitHub commit [a65411a1d69edfb16b25907ffb8f73556ce36bb7](https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7).
The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1.
### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
Are you affected?
Enter the version of the package you're using.
Affected packages
0 Fixed in: 2.8.4 pip install --upgrade 'tensorflow-gpu>=2.8.4' References
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cg88-rpvp-cjv5 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2022-41902 [ADVISORY]
- https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7 [WEB]
- https://github.com/tensorflow/tensorflow [PACKAGE]
- https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221 [WEB]
- https://pypi.org/project/tensorflow-gpu [PACKAGE]
- https://github.com/advisories/GHSA-cg88-rpvp-cjv5 [ADVISORY]