CVE-2022-41900

TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48	Patch Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472	Exploit Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow::::::::
	cpe:2.3:a:google:tensorflow:2.10.0:::::::*

History

23 Nov 2022, 13:35

Type	Values Removed	Values Added
First Time		Google tensorflow Google
CPE		cpe:2.3:a:google:tensorflow:2.10.0:::::::* cpe:2.3:a:google:tensorflow::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~(CONFIRM) https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472 -~~	(CONFIRM) https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472 - Exploit, Patch, Third Party Advisory
References	~~(MISC) https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48 -~~	(MISC) https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48 - Patch, Third Party Advisory

18 Nov 2022, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-18 22:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-41900

Mitre link : CVE-2022-41900

CVE.ORG link : CVE-2022-41900

JSON object : View

Products Affected

google

tensorflow

CWE

CWE-125

Out-of-bounds Read

CWE-787

Out-of-bounds Write

{"id": "CVE-2022-41900", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-11-18T22:15:20.273", "references": [{"url": "https://github.com/tensorflow/tensorflow/commit/216525144ee7c910296f5b05d214ca1327c9ce48", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution. We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cherry pick this commit on TensorFlow 2.10.1."}, {"lang": "es", "value": "TensorFlow es una plataforma de c\u00f3digo abierto para aprendizaje autom\u00e1tico. La vulnerabilidad de seguridad da como resultado un grupo FractionalMax(AVG) con una relaci\u00f3n de agrupaci\u00f3n ilegal. Los atacantes que utilizan Tensorflow pueden aprovechar la vulnerabilidad. Pueden acceder a la memoria del mont\u00f3n que no est\u00e1 bajo el control del usuario, lo que provoca un bloqueo o la ejecuci\u00f3n remota de c\u00f3digo. Hemos solucionado el problema en el commit de GitHub 216525144ee7c910296f5b05d214ca1327c9ce48. La soluci\u00f3n se incluir\u00e1 en TensorFlow 2.11.0. Tambi\u00e9n seleccionaremos este commit en TensorFlow 2.10.1."}], "lastModified": "2022-11-23T13:35:44.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A694EEE1-BFB9-4E6C-B275-02DC2731961C", "versionEndExcluding": "2.8.4"}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9057B403-719C-4F10-BAB6-67F84786A89E", "versionEndExcluding": "2.9.3", "versionStartIncluding": "2.9.0"}, {"criteria": "cpe:2.3:a:google:tensorflow:2.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AE6CFC4-0232-4E1C-960D-268C87788735"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}