CVE-2022-23593
Description
Tensorflow is an Open Source Machine Learning Framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector. The fix will be included in TensorFlow 2.8.0. This is the only affected version.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.309
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-23592,CVE-2022-23593 are fixed in Python-tensorflow 2.8.0 | Windows |
| Vulnerabilities CVE-2022-23592,CVE-2022-23593 are fixed in Python-tensorflow-cpu 2.8.0 | Windows |
| Vulnerabilities CVE-2022-23592,CVE-2022-23593 are fixed in Python-tensorflow-gpu 2.8.0 | Windows |
| Vulnerabilities CVE-2022-23592,CVE-2022-23593 are fixed in Python-tensorflow for linux 2.8.0 | Linux |
| Vulnerabilities CVE-2022-23592,CVE-2022-23593 are fixed in Python-tensorflow-cpu for linux 2.8.0 | Linux |
| Vulnerabilities CVE-2022-23592,CVE-2022-23593 are fixed in Python-tensorflow-gpu for linux 2.8.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234