CVE-2022-35940 : TensorFlow is an open source platform for machine learning. The `RaggedRangOp` f

TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Published 2022-09-16 20:15:10

Updated 2022-09-20 18:07:41

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2022-35940

Google » Tensorflow
Versions from including (>=) 2.8.0 and before (<) 2.8.1
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow
Versions from including (>=) 2.7.0 and before (<) 2.7.2
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow
Versions from including (>=) 2.9.0 and before (<) 2.9.1
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow » Version: 2.10 Update RC1
cpe:2.3:a:google:tensorflow:2.10:rc1:*:*:*:*:*:*
Matching versions
Google » Tensorflow » Version: 2.10 Update RC2
cpe:2.3:a:google:tensorflow:2.10:rc2:*:*:*:*:*:*
Matching versions
Google » Tensorflow » Version: 2.10 Update RC3
cpe:2.3:a:google:tensorflow:2.10:rc3:*:*:*:*:*:*
Matching versions
Google » Tensorflow » Version: 2.10 Update RC0
cpe:2.3:a:google:tensorflow:2.10:rc0:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-35940

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 40 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-35940

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2.2	3.6	GitHub, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-35940

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Assigned by: security-advisories@github.com (Primary)

References for CVE-2022-35940

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x

Int overflow in `RaggedRangeOp` · Advisory · tensorflow/tensorflow · GitHub
Patch;Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/37cefa91bee4eace55715eeef43720b958a01192

[security] Fix int overflow in RaggedRangeOp. · tensorflow/tensorflow@37cefa9 · GitHub
Patch;Third Party Advisory
https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/kernels/ragged_range_op.cc#L74-L88

tensorflow/ragged_range_op.cc at 0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543 · tensorflow/tensorflow · GitHub
Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-35940

Products affected by CVE-2022-35940

Exploit prediction scoring system (EPSS) score for CVE-2022-35940

CVSS scores for CVE-2022-35940

CWE ids for CVE-2022-35940

References for CVE-2022-35940