CVE-2022-29207 Undefined behavior when users supply invalid resource handles in TensorFlow

2022-05-2022:10:12

CWE-20

CWE-475

GitHub_M

www.cve.org

tensorflow

machine learning

resource handle vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

41.4%

JSON

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

CNA Affected

[
  {
    "product": "tensorflow",
    "vendor": "tensorflow",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.6.4"
      },
      {
        "status": "affected",
        "version": ">= 2.7.0rc0, < 2.7.2"
      },
      {
        "status": "affected",
        "version": ">= 2.8.0rc0, < 2.8.1"
      },
      {
        "status": "affected",
        "version": ">= 2.9.0rc0, < 2.9.0"
      }
    ]
  }
]