Vulnerability Details : CVE-2022-29211
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
Vulnerability category: Input validation
Products affected by CVE-2022-29211
- cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:2.8.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:2.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:2.8.0:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-29211
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-29211
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
GitHub, Inc. |
CWE ids for CVE-2022-29211
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: security-advisories@github.com (Primary)
References for CVE-2022-29211
-
https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5
Prevent crash when histogram is called with NaN values. · tensorflow/tensorflow@e57fd69 · GitHubPatch;Third Party Advisory
-
https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc
tensorflow/histogram_op.cc at f3b9bf4c3c0597563b289c0512e98d4ce81f886e · tensorflow/tensorflow · GitHubThird Party Advisory
-
https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4
Release TensorFlow 2.6.4 · tensorflow/tensorflow · GitHubRelease Notes;Third Party Advisory
-
https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2
Release TensorFlow 2.7.2 · tensorflow/tensorflow · GitHubRelease Notes;Third Party Advisory
-
https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0
Release TensorFlow 2.9.0 · tensorflow/tensorflow · GitHubRelease Notes;Third Party Advisory
-
https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1
Release TensorFlow 2.8.1 · tensorflow/tensorflow · GitHubRelease Notes;Third Party Advisory
-
https://github.com/tensorflow/tensorflow/issues/45770
Segmentation fault in tf.histogram_fixed_width · Issue #45770 · tensorflow/tensorflow · GitHubExploit;Issue Tracking;Patch;Third Party Advisory
-
https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74
tensorflow/histogram_op.cc at f3b9bf4c3c0597563b289c0512e98d4ce81f886e · tensorflow/tensorflow · GitHubThird Party Advisory
-
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w
Segfault if `tf.histogram_fixed_width` is called with NaN values · Advisory · tensorflow/tensorflow · GitHubExploit;Patch;Third Party Advisory
Jump to