CVE-2022-41885 - OpenCVE

TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Google	Tensorflow

Configuration 1 [-]

OR	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow:2.10.0:rc0::::::
	cpe:2.3:a:google:tensorflow:2.10.0:rc1::::::
	cpe:2.3:a:google:tensorflow:2.10.0:rc2::::::
	cpe:2.3:a:google:tensorflow:2.10.0:rc3::::::

References

Link	Resource
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc	Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce	Patch Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx	Exploit Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-11-18T00:00:00

Updated: 2022-11-19T00:00:00

Reserved: 2022-09-30T00:00:00

Link: CVE-2022-41885

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-11-18T22:15:14.147

Modified: 2022-11-23T17:44:07.997

Link: CVE-2022-41885

JSON object: View

Redhat Information

No data.

CWE

CWE-131

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EBE1EC2-A67A-4885-B1BB-A2BB5D18459D", "versionEndExcluding": "2.7.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F9D273D-02DC-441E-AA91-EAC8DEAA4B44", "versionEndExcluding": "2.8.1", "versionStartIncluding": "2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE4F8A81-6CC2-4F7F-9602-C170FDD926E7", "versionEndExcluding": "2.9.1", "versionStartIncluding": "2.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.10.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "B5F5D78E-DBBA-4CC7-ADB1-454F86700280", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EF6375A0-9871-4072-95F0-4266620F4713", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "534F3684-3E31-4A0A-9821-70EEFA8AB258", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:2.10.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E1D5EAED-B494-4E30-AB79-99BD1876B5FA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range."}, {"lang": "es", "value": "TensorFlow es una plataforma de c\u00f3digo abierto para aprendizaje autom\u00e1tico. Cuando a `tf.raw_ops.FusedResizeAndPadConv2D` se le da una forma de tensor grande, se desborda. Hemos solucionado el problema en GitHub en el commit d66e1d568275e6a2947de97dca7a102a211e01ce. La soluci\u00f3n se incluir\u00e1 en TensorFlow 2.11. Tambi\u00e9n aplicaremos este commit en TensorFlow 2.10.1, 2.9.3 y TensorFlow 2.8.4, ya que estos tambi\u00e9n se ven afectados y a\u00fan se encuentran en el rango admitido."}], "id": "CVE-2022-41885", "lastModified": "2022-11-23T17:44:07.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-11-18T22:15:14.147", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/conv_ops_fused_image_transform.cc"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/commit/d66e1d568275e6a2947de97dca7a102a211e01ce"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-131"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-131"}], "source": "security-advisories@github.com", "type": "Secondary"}]}