Home

CVE-2022-29194

Description

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.DeleteSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.072

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in Python-tensorflow 2.6.4Windows
Multiple vulnerabilities are fixed in Python-tensorflow 2.7.2Windows
Multiple vulnerabilities are fixed in Python-tensorflow 2.8.1Windows
Multiple vulnerabilities are fixed in Python-tensorflow-cpu 2.6.4Windows
Multiple vulnerabilities are fixed in Python-tensorflow-cpu 2.7.2Windows
Multiple vulnerabilities are fixed in Python-tensorflow-cpu 2.8.1Windows
Multiple vulnerabilities are fixed in Python-tensorflow-gpu 2.6.4Windows
Multiple vulnerabilities are fixed in Python-tensorflow-gpu 2.7.2Windows
Multiple vulnerabilities are fixed in Python-tensorflow-gpu 2.8.1Windows
Multiple vulnerabilities are fixed in Python-tensorflow for linux 2.6.4Linux
Multiple vulnerabilities are fixed in Python-tensorflow for linux 2.7.2Linux
Multiple vulnerabilities are fixed in Python-tensorflow for linux 2.8.1Linux
Multiple vulnerabilities are fixed in Python-tensorflow-cpu for linux 2.6.4Linux
Multiple vulnerabilities are fixed in Python-tensorflow-cpu for linux 2.7.2Linux
Multiple vulnerabilities are fixed in Python-tensorflow-cpu for linux 2.8.1Linux
Multiple vulnerabilities are fixed in Python-tensorflow-gpu for linux 2.6.4Linux
Multiple vulnerabilities are fixed in Python-tensorflow-gpu for linux 2.7.2Linux
Multiple vulnerabilities are fixed in Python-tensorflow-gpu for linux 2.8.1Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234