Vulnerability Description
Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so, assert failures based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tensorflow | <= 2.5.2 |
Related Weaknesses (CWE)
References
- https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ExploitThird Party Advisory
- https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisorPatchThird Party Advisory
- https://github.com/tensorflow/tensorflow/commit/1b54cadd19391b60b6fcccd8d076426fPatchThird Party Advisory
- https://github.com/tensorflow/tensorflow/commit/e952a89b7026b98fe8cbe626514a93edPatchThird Party Advisory
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43PatchThird Party Advisory
- https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ExploitThird Party Advisory
- https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisorPatchThird Party Advisory
- https://github.com/tensorflow/tensorflow/commit/1b54cadd19391b60b6fcccd8d076426fPatchThird Party Advisory
- https://github.com/tensorflow/tensorflow/commit/e952a89b7026b98fe8cbe626514a93edPatchThird Party Advisory
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43PatchThird Party Advisory
FAQ
What is CVE-2022-23567?
CVE-2022-23567 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based d...
How severe is CVE-2022-23567?
CVE-2022-23567 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23567?
Check the references section above for vendor advisories and patch information. Affected products include: Google Tensorflow.