Google TensorFlow prior 2.8.4/2.9.3/2.10.1 BCast::ToShape type conversion

CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.1 | $0-$5k | 0.00 |
A vulnerability was found in Google TensorFlow (Artificial Intelligence Software) and classified as problematic. This issue affects the function BCast::ToShape
. The manipulation with an unknown input leads to a type conversion vulnerability. Using CWE to declare the problem leads to CWE-704. The software does not correctly convert an object, resource, or structure from one type to a different type. Impacted is availability. The summary by CVE is:
TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
The weakness was presented 11/19/2022 as GHSA-h246-cgh4-7475. The advisory is shared at github.com. The identification of this vulnerability is CVE-2022-41890 since 09/30/2022. It demands that the victim is doing some kind of user interaction. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 12/20/2022).
Upgrading to version 2.8.4, 2.9.3 or 2.10.1 eliminates this vulnerability. Applying the patch 8310bf8dd188ff780e7fc53245058215a05bdbe5 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
Product
Type
Vendor
Name
License
- free
CPE 2.3
CPE 2.2
CVSSv3
VulDB Meta Base Score: 5.1VulDB Meta Temp Score: 5.1
VulDB Base Score: 3.1
VulDB Temp Score: 3.0
VulDB Vector: 🔒
VulDB Reliability: 🔍
NVD Base Score: 7.5
NVD Vector: 🔒
CNA Base Score: 4.8
CNA Vector (GitHub, Inc.): 🔒
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Type conversionCWE: CWE-704
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: TensorFlow 2.8.4/2.9.3/2.10.1
Patch: 8310bf8dd188ff780e7fc53245058215a05bdbe5
Timeline
09/30/2022 CVE reserved11/19/2022 Advisory disclosed
11/19/2022 VulDB entry created
12/20/2022 VulDB last update
Sources
Vendor: google.comAdvisory: GHSA-h246-cgh4-7475
Status: Confirmed
CVE: CVE-2022-41890 (🔒)
Entry
Created: 11/19/2022 08:34 AMUpdated: 12/20/2022 01:40 PM
Changes: 11/19/2022 08:34 AM (53), 12/20/2022 01:40 PM (12)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.