Vulnerability Name:

CVE-2022-23592 (CCN-218901)

Assigned:2022-02-02
Published:2022-02-02
Updated:2022-02-10
Summary:Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.
CVSS v3 Severity:8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
7.3 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): High
8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
8.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-125
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-23592

Source: XF
Type: UNKNOWN
tensorflow-cve202223592-code-exec(218901)

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L223-L229

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/c99d98cd189839dcf51aee94e7437b54b31f8abd

Source: CCN
Type: TensorFlow GIT Repository
Heap OOB access in RunForwardTypeInference

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vq36-27g6-p492

Source: CCN
Type: IBM Security Bulletin 6564605 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Source: CCN
Type: IBM Security Bulletin 6988959 (Maximo Application Suite)
Tensorflow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component

Source: CCN
Type: TensorFlow Web site
TensorFlow

Vulnerable Configuration:Configuration 1:
  • cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version >= 2.7.0 and < 2.8.0)

    • Configuration CCN 1:
  • cpe:/a:google:tensorflow:1.3.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.3.1:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.4.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.4.1:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.5.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.5.1:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.6.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.1.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.2.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.2.1:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.0.1:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.0.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.12.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.0.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:1.15.3:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.0.2:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.1.1:*:*:*:-:*:*:*
  • OR cpe:/a:tensorflow:tensorflow:2.2.0:*:*:*:-:*:*:*
  • OR cpe:/a:tensorflow:tensorflow:2.3.0:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.1.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.4.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.7.0:-:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_application_suite:8.8:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    google tensorflow *
    google tensorflow 1.3.0 -
    google tensorflow 1.3.1
    google tensorflow 1.4.0 -
    google tensorflow 1.4.1
    google tensorflow 1.5.0 -
    google tensorflow 1.5.1
    google tensorflow 1.6.0 -
    google tensorflow 1.1.0 -
    google tensorflow 1.2.0 -
    google tensorflow 1.2.1
    google tensorflow 1.0.1
    google tensorflow 1.0.0 -
    google tensorflow 1.12.0 -
    google tensorflow 2.0.0 -
    google tensorflow 1.15.3
    google tensorflow 2.0.2
    google tensorflow 2.1.1
    tensorflow tensorflow 2.2.0
    tensorflow tensorflow 2.3.0
    google tensorflow 2.1.0 -
    google tensorflow 2.4.0 -
    google tensorflow 2.1.4
    google tensorflow 2.2.3
    google tensorflow 2.3.3
    google tensorflow 2.4.2
    google tensorflow 2.5.0 -
    google tensorflow 2.6.0 -
    google tensorflow 2.5.2
    google tensorflow 2.6.2
    google tensorflow 2.7.0 -
    ibm watson discovery 2.0.0
    ibm watson discovery 2.2.1
    ibm maximo application suite 8.8