CVE-2022-29205

Published: May 20, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Affected (9)

Products: Google: Tensorflow

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Google Tensorflow	Before 2.6.4
Google Tensorflow	From 2.7.0 to 2.7.2
Google Tensorflow	Version 2.7.0 rc0
Google Tensorflow	Version 2.7.0 rc1
Google Tensorflow	Version 2.8.0
Google Tensorflow	Version 2.8.0 rc0
Google Tensorflow	Version 2.8.0 rc1
Google Tensorflow	Version 2.9.0 rc0
Google Tensorflow	Version 2.9.0 rc1

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (16)

https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L296-L320

Source: security-advisories@github.com

Third Party Advisory

https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L480-L482

Source: security-advisories@github.com

Third Party Advisory

https://github.com/tensorflow/tensorflow/commit/237822b59fc504dda2c564787f5d3ad9c4aa62d9

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54ch-gjq5-4976

Source: security-advisories@github.com

ExploitPatchThird Party Advisory

https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L296-L320

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/eager/pywrap_tfe_src.cc#L480-L482

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/tensorflow/tensorflow/commit/237822b59fc504dda2c564787f5d3ad9c4aa62d9

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-54ch-gjq5-4976

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.