Home

CVE-2022-21731

Description

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concat_dim in the ConcatShapeHelper helper function. Then, a value for min_rank is computed based on concat_dim. This is then used to validate that the values tensor has at least the required rank. However, WithRankAtLeast receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that min_rank is a 32-bits value and the value of axis, the rank argument is a negative value, so the error check is bypassed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.303

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in Python-tensorflow 2.5.3Windows
Multiple vulnerabilities are fixed in Python-tensorflow 2.6.3Windows
Multiple vulnerabilities are fixed in Python-tensorflow 2.7.1Windows
Multiple vulnerabilities are fixed in Python-tensorflow-cpu 2.5.3Windows
Multiple vulnerabilities are fixed in Python-tensorflow-cpu 2.6.3Windows
Multiple vulnerabilities are fixed in Python-tensorflow-cpu 2.7.1Windows
Multiple vulnerabilities are fixed in Python-tensorflow-gpu 2.5.3Windows
Multiple vulnerabilities are fixed in Python-tensorflow-gpu 2.6.3Windows
Multiple vulnerabilities are fixed in Python-tensorflow-gpu 2.7.1Windows
Multiple vulnerabilities are fixed in Python-tensorflow for linux 2.5.3Linux
Multiple vulnerabilities are fixed in Python-tensorflow for linux 2.6.3Linux
Multiple vulnerabilities are fixed in Python-tensorflow for linux 2.7.1Linux
Multiple vulnerabilities are fixed in Python-tensorflow-cpu for linux 2.5.3Linux
Multiple vulnerabilities are fixed in Python-tensorflow-cpu for linux 2.6.3Linux
Multiple vulnerabilities are fixed in Python-tensorflow-cpu for linux 2.7.1Linux
Multiple vulnerabilities are fixed in Python-tensorflow-gpu for linux 2.5.3Linux
Multiple vulnerabilities are fixed in Python-tensorflow-gpu for linux 2.6.3Linux
Multiple vulnerabilities are fixed in Python-tensorflow-gpu for linux 2.7.1Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234