CVE-2022-29209 — MEDIUM (5.5)

Q: How severe is CVE-2022-29209?

CVE-2022-29209 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-29209?

Check the references section above for vendor advisories and patch information. Affected products include: Google Tensorflow.

Vulnerability Description

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Tensorflow	< 2.6.4

Related Weaknesses (CWE)

CWE-843

References

https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce8Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/b917181c29b50cb83399ba41f4d938dcPatchThird Party Advisory
https://github.com/tensorflow/tensorflow/issues/55530ExploitIssue TrackingThird Party Advisory
https://github.com/tensorflow/tensorflow/pull/55730ExploitIssue TrackingPatch
https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4Release NotesThird Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2Release NotesThird Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1Release NotesThird Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0Release NotesThird Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4rr-5m7v-wxcwExploitPatchThird Party Advisory
https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce8Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/b917181c29b50cb83399ba41f4d938dcPatchThird Party Advisory
https://github.com/tensorflow/tensorflow/issues/55530ExploitIssue TrackingThird Party Advisory
https://github.com/tensorflow/tensorflow/pull/55730ExploitIssue TrackingPatch
https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4Release NotesThird Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2Release NotesThird Party Advisory

FAQ

What is CVE-2022-29209?

CVE-2022-29209 is a vulnerability with a CVSS score of 5.5 (MEDIUM). TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc....

How severe is CVE-2022-29209?

CVE-2022-29209 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29209?

Check the references section above for vendor advisories and patch information. Affected products include: Google Tensorflow.