Vulnerability Name:

CVE-2022-21726 (CCN-218770)

Assigned:2021-11-16
Published:2022-02-02
Updated:2022-02-08
Summary:Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
8.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-125
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2022-21726

Source: XF
Type: UNKNOWN
tensorflow-cve202221726-dos(218770)

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/dequantize_op.cc#L92-L153

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/23968a8bf65b009120c43b5ebcceaf52dbc9e943

Source: CCN
Type: TensorFlow GIT Repository
Heap OOB access in Dequantize

Source: CONFIRM
Type: Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72

Source: CCN
Type: IBM Security Bulletin 6564605 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Source: CCN
Type: TensorFlow Web site
TensorFlow

Vulnerable Configuration:Configuration 1:
  • cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version <= 2.5.2)
  • OR cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version >= 2.6.0 and <= 2.6.2)
  • OR cpe:/a:google:tensorflow:2.7.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:google:tensorflow:1.3.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.3.1:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.4.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.4.1:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.5.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.5.1:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.6.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.1.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.2.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.2.1:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.0.1:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.0.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.12.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.0.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.15.3:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.0.2:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.1.1:*:*:*:-:*:*:*
  • OR cpe:/a:tensorflow:tensorflow:2.2.0:*:*:*:-:*:*:*
  • OR cpe:/a:tensorflow:tensorflow:2.3.0:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.1.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.4.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.7.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    google tensorflow *
    google tensorflow *
    google tensorflow 2.7.0
    google tensorflow 1.3.0 -
    google tensorflow 1.3.1
    google tensorflow 1.4.0 -
    google tensorflow 1.4.1
    google tensorflow 1.5.0 -
    google tensorflow 1.5.1
    google tensorflow 1.6.0 -
    google tensorflow 1.1.0 -
    google tensorflow 1.2.0 -
    google tensorflow 1.2.1
    google tensorflow 1.0.1
    google tensorflow 1.0.0 -
    google tensorflow 1.12.0 -
    google tensorflow 2.0.0 -
    google tensorflow 1.15.3
    google tensorflow 2.0.2
    google tensorflow 2.1.1
    tensorflow tensorflow 2.2.0
    tensorflow tensorflow 2.3.0
    google tensorflow 2.1.0 -
    google tensorflow 2.4.0 -
    google tensorflow 2.1.4
    google tensorflow 2.2.3
    google tensorflow 2.3.3
    google tensorflow 2.4.2
    google tensorflow 2.5.0 -
    google tensorflow 2.6.0 -
    google tensorflow 2.5.2
    google tensorflow 2.6.2
    google tensorflow 2.7.0
    ibm watson discovery 2.0.0
    ibm watson discovery 2.2.1