CVE-2022-21728 — HIGH (8.1)

Q: How severe is CVE-2022-21728?

CVE-2022-21728 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-21728?

Check the references section above for vendor advisories and patch information. Affected products include: Google Tensorflow.

Vulnerability Description

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Tensorflow	<= 2.5.2

Related Weaknesses (CWE)

CWE-125

References

https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ExploitThird Party Advisory
https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ExploitThird Party Advisory
https://github.com/tensorflow/tensorflow/commit/37c01fb5e25c3d80213060460196406cPatchThird Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8PatchThird Party Advisory
https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ExploitThird Party Advisory
https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ExploitThird Party Advisory
https://github.com/tensorflow/tensorflow/commit/37c01fb5e25c3d80213060460196406cPatchThird Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8PatchThird Party Advisory

FAQ

What is CVE-2022-21728?

CVE-2022-21728 is a vulnerability with a CVSS score of 8.1 (HIGH). Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read....

How severe is CVE-2022-21728?

CVE-2022-21728 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-21728?

Check the references section above for vendor advisories and patch information. Affected products include: Google Tensorflow.