A vulnerability was found in Google TensorFlow (Artificial Intelligence Software) and classified as problematic. This issue affects the function BCast::ToShape. The manipulation with an unknown input leads to a type conversion vulnerability. Using CWE to declare the problem leads to CWE-704. The software does not correctly convert an object, resource, or structure from one type to a different type. Impacted is availability. The summary by CVE is:

TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

The weakness was presented 11/19/2022 as GHSA-h246-cgh4-7475. The advisory is shared at github.com. The identification of this vulnerability is CVE-2022-41890 since 09/30/2022. It demands that the victim is doing some kind of user interaction. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 12/20/2022).

Upgrading to version 2.8.4, 2.9.3 or 2.10.1 eliminates this vulnerability. Applying the patch 8310bf8dd188ff780e7fc53245058215a05bdbe5 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Productinfo

Type

• Artificial Intelligence Software

Vendor

• Google

Name

• TensorFlow

License

• free

CPE 2.3info

• 🔒

CPE 2.2info

• 🔒

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion