Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-11535.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-11535
Upstream
Published
2022-11-18T22:15:19Z
Modified
2026-04-21T04:22:14.754135Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
CVE-2022-41897 affecting package tensorflow for versions less than 2.11.0-1
Details

TensorFlow is an open source platform for machine learning. If FractionMaxPoolGrad is given outsize inputs row_pooling_sequence and col_pooling_sequence, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

References

Affected packages

Azure Linux:2 / tensorflow

Package

Name
tensorflow
Purl
pkg:rpm/azure-linux/tensorflow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.11.0-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-11535.json"