Description
An issue was discovered in TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D.
A flaw was found in TensorFlow. When a model uses tf.keras.layers.Conv2D with padding='valid' and is compiled using XLA, the compiler miscalculates the output shape and ends up with a negative dimension. This causes the process to crash during compilation, leading to a denial of service. The same operation works correctly in eager mode because it checks dimensions dynamically, but under XLA the static shape calculation fails and stops execution.
Report
The impact is MODERATE because the flaw only causes a denial of service and cannot be used to access data or execute arbitrary code. It happens during local model compilation when TensorFlow’s XLA tries to compile a Conv2D layer with incompatible input and kernel sizes. The error forces the process to abort, interrupting model training or inference. This requires the ability to run or modify TensorFlow model code.
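A pre-compilation guard for the shape problem described above, as an added example that is not code from the advisory or from TensorFlow. It uses the standard Conv2D output-size arithmetic and assumes that the failing case is a 'valid' convolution whose effective kernel is larger than a statically known input; the function names and sample configurations are hypothetical.

```python
# Added example: pure-Python check, runs without TensorFlow installed.
# Function names and sample values are constructed for illustration.

def conv2d_output_hw(input_hw, kernel_size, strides=(1, 1),
                     dilation_rate=(1, 1), padding="valid"):
    """Return the (height, width) a Conv2D would produce; may be <= 0."""
    out = []
    for size, k, s, d in zip(input_hw, kernel_size, strides, dilation_rate):
        if min(size, k, s, d) < 1:
            raise ValueError("sizes, strides and dilation must be >= 1")
        if padding == "same":
            out.append(-(-size // s))            # ceil(size / s)
        elif padding == "valid":
            effective_k = d * (k - 1) + 1        # kernel span with dilation
            out.append((size - effective_k) // s + 1)
        else:
            raise ValueError(f"unsupported padding: {padding!r}")
    return tuple(out)


def check_conv2d_config(input_hw, kernel_size, **kwargs):
    """Reject a layer config before it reaches model build or XLA compile."""
    out = conv2d_output_hw(input_hw, kernel_size, **kwargs)
    if any(dim < 1 for dim in out):
        raise ValueError(
            f"Conv2D input {tuple(input_hw)} with kernel {tuple(kernel_size)} "
            f"gives non-positive output shape {out}")
    return out


def audit(configs):
    """Return (name, ok, detail) for each constructed layer config."""
    results = []
    for name, input_hw, kernel, kwargs in configs:
        try:
            results.append((name, True, check_conv2d_config(input_hw, kernel, **kwargs)))
        except ValueError as exc:
            results.append((name, False, str(exc)))
    return results


# Constructed sample configurations (not taken from the advisory).
SAMPLES = [
    ("typical", (28, 28), (3, 3), {"padding": "valid"}),
    ("kernel_larger_than_input", (3, 3), (5, 5), {"padding": "valid"}),
    ("same_padding", (3, 3), (5, 5), {"padding": "same"}),
    ("dilated", (6, 6), (3, 3), {"padding": "valid", "dilation_rate": (3, 3)}),
]

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```

Running the check on layer parameters that come from untrusted or user-supplied model definitions turns the abort into an ordinary exception that the serving or training process can handle. Inputs with unknown (None) spatial dimensions are outside what this check covers.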
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-modelmesh-runtime-adapter-rhel8 | Fix deferred | | |
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-modelmesh-runtime-adapter-rhel9 | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 6.5 Medium
Related vulnerabilities
A vulnerability in the tf.keras.layers.Conv2D() function of the TensorFlow machine learning system that allows an attacker to cause a denial of service