Vulnerability Name:

CVE-2022-29208 (CCN-227127)

Assigned:2022-05-17
Published:2022-05-17
Updated:2022-06-03
Summary:TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout the code, one may compute an index for a write operation. However, the existing validation only checks against the upper bound of the array. Hence, it is possible to write before the array by massaging the input to generate negative values for `loc`. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
CVSS v3 Severity:7.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
6.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): High
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-787
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2022-29208

Source: XF
Type: UNKNOWN
tensorflow-cve202229208-dos(227127)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/30721cf564cb029d34535446d6a5a6357bebc8e7

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0

Source: CCN
Type: TensorFlow GIT Repository
Segfault and OOB write due to incomplete validation in `EditDistance`

Source: CONFIRM
Type: Exploit, Patch, Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2r2f-g8mw-9gvr

Source: CCN
Type: IBM Security Bulletin 6598705 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Source: CCN
Type: IBM Security Bulletin 6988959 (Maximo Application Suite)
Tensorflow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component

Source: CCN
Type: TensorFlow Web site
TensorFlow

Vulnerable Configuration:Configuration 1:
  • cpe:/a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version >= 2.7.0 and < 2.7.2)
  • OR cpe:/a:google:tensorflow:*:*:*:*:*:*:*:* (Version < 2.6.4)
  • OR cpe:/a:google:tensorflow:2.8.0:rc0:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.8.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.8.0:-:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:google:tensorflow:1.15.3:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.0.2:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.1.1:*:*:*:-:*:*:*
  • OR cpe:/a:tensorflow:tensorflow:2.2.0:*:*:*:-:*:*:*
  • OR cpe:/a:tensorflow:tensorflow:2.3.0:*:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.1.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.4.0:-:*:*:-:*:*:*
  • OR cpe:/a:google:tensorflow:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:google:tensorflow:2.7.0:-:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:maximo_application_suite:8.8:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    google tensorflow 2.7.0 rc1
    google tensorflow 2.7.0 rc0
    google tensorflow *
    google tensorflow *
    google tensorflow 2.8.0 rc0
    google tensorflow 2.8.0 rc1
    google tensorflow 2.9.0 rc1
    google tensorflow 2.9.0 rc0
    google tensorflow 2.8.0 -
    google tensorflow 1.15.3
    google tensorflow 2.0.2
    google tensorflow 2.1.1
    tensorflow tensorflow 2.2.0
    tensorflow tensorflow 2.3.0
    google tensorflow 2.1.0 -
    google tensorflow 2.4.0 -
    google tensorflow 2.1.4
    google tensorflow 2.2.3
    google tensorflow 2.3.3
    google tensorflow 2.4.2
    google tensorflow 2.5.0 -
    google tensorflow 2.6.0 -
    google tensorflow 2.5.2
    google tensorflow 2.6.2
    google tensorflow 2.7.0 -
    ibm maximo application suite 8.8