CVE-2022-41910 – tensorflow-gpu

Package

Manager: pip
Name: tensorflow-gpu
Vulnerable Version: >=0 <2.8.4 || >=2.9.0 <2.9.3 || >=2.10.0 <2.10.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00199 pctl0.42094

Details

Heap overflow in `QuantizeAndDequantizeV2` ### Impact The function [MakeGrapplerFunctionItem](https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221) takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. ```python import tensorflow as tf @tf.function def test(): tf.raw_ops.QuantizeAndDequantizeV2(input=[2.5], input_min=[1.0], input_max=[10.0], signed_input=True, num_bits=1, range_given=True, round_mode='HALF_TO_EVEN', narrow_range=True, axis=0x7fffffff) test() ``` ### Patches We have patched the issue in GitHub commit [7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb](https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb). The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

Metadata

Created: 2022-11-21T22:17:52Z
Modified: 2022-11-21T22:17:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-frqp-wp83-qggv/GHSA-frqp-wp83-qggv.json
CWE IDs: ["CWE-125"]
Alternative ID: GHSA-frqp-wp83-qggv
Finding: F111
Auto approve: 1