CVE-2022-36012 : TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is giv

TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Published 2022-09-16 23:15:11

Updated 2022-09-20 14:40:24

Source GitHub, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-36012

Probability of exploitation activity in the next 30 days: 0.09%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 37 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-36012

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2.2	3.6	GitHub, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-36012

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)

References for CVE-2022-36012

https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/functiondef_import.cc

tensorflow/functiondef_import.cc at master · tensorflow/tensorflow · GitHub
Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/ad069af92392efee1418c48ff561fd3070a03d7b

[tfg][functiondef_import] Error on empty edge names · tensorflow/tensorflow@ad069af · GitHub
Patch;Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5

Assertion fail on MLIR empty edge names · Advisory · tensorflow/tensorflow · GitHub
Third Party Advisory

Products affected by CVE-2022-36012

Google » Tensorflow
Versions from including (>=) 2.8.0 and before (<) 2.8.1
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow
Versions before (<) 2.7.2
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow
Versions from including (>=) 2.9.0 and before (<) 2.9.1
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow » Version: 2.10 Update RC1
cpe:2.3:a:google:tensorflow:2.10:rc1:*:*:*:*:*:*
Matching versions
Google » Tensorflow » Version: 2.10 Update RC2
cpe:2.3:a:google:tensorflow:2.10:rc2:*:*:*:*:*:*
Matching versions
Google » Tensorflow » Version: 2.10 Update RC3
cpe:2.3:a:google:tensorflow:2.10:rc3:*:*:*:*:*:*
Matching versions
Google » Tensorflow » Version: 2.10 Update RC0
cpe:2.3:a:google:tensorflow:2.10:rc0:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2022-36012

Exploit prediction scoring system (EPSS) score for CVE-2022-36012

CVSS scores for CVE-2022-36012

CWE ids for CVE-2022-36012

References for CVE-2022-36012

Products affected by CVE-2022-36012