Lucene search

K
ibmIBM667A5B759A22A7845490952492555B2445F3790EDD8D74BA148189176EC75F2B
HistoryJan 30, 2023 - 5:17 p.m.

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

2023-01-3017:17:48
www.ibm.com
30
ibm watson discovery
cloud pak for data
tensorflow vulnerability
denial of service
heap-based buffer overflow
remote attacker
authenticated
cve-2022-41910
cve-2022-41889
cve-2022-41895
cve-2022-41888
cve-2022-41880
cve-2022-41897

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

48.4%

Summary

IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow.

Vulnerability Details

CVEID:CVE-2022-41910
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in the MakeGrapplerFunctionItem function in QuantizeAndDequantizeV2. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241461 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41889
**DESCRIPTION:**TensorFlowis vulnerable to a denial of service, caused by a segfault in the pywrap_tfe_src.cc function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240386 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41895
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds read flaw in the MirrorPadGrad function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240391 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41888
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a FPE in the tf.image.generate_bounding_box_proposals function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240385 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41880
**DESCRIPTION:**TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw when receiving a value in true_classes larger than range_max in the BaseCandidateSamplerOp function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240379 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H)

CVEID:CVE-2022-41897
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds read flaw in the FractionalMaxPoolGrad function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240393 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41893
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK_EQ fail in the tf.raw_ops.TensorListResize function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240389 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41909
**DESCRIPTION:**TensorFlowx is vulnerable to a denial of service, caused by segmentation fault in tf.raw_ops.CompositeTensorVariantToComponents function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240399 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41899
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK fail via inputs in the SdcaOptimizer function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240395 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41901
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK_EQ fail via inputs in the SparseMatrixNNZ function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240400 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41896
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by improper input validation by the tf.raw_ops.Mfcc function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240392 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41911
**DESCRIPTION:**TensorFlowx is vulnerable to a denial of service, caused by invalid char to bool conversion when printing a tensor. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240401 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41894
**DESCRIPTION:**TensorFlow is vulnerable to a buffer overflow, caused by improper bounds checking by the CONV_3D_TRANSPOSE function on TFLite. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240390 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-41907
**DESCRIPTION:**TensorFlowx is vulnerable to a denial of service, caused by a buffer overflow in the tf.raw_ops.ResizeNearestNeighborGrad function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240396 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41898
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK fail via inputs in the SparseFillEmptyRowsGrad function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240394 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41890
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK` fail in BCast overflow. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240387 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41900
**DESCRIPTION:**TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap out-of-bounds write flaw in the FractionalMaxPool and FractionalAvgPool functions. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240397 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-41884
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a segment fault in the ndarray_tensor_bridge function due to improper input validation. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240381 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41908
**DESCRIPTION:**TensorFlowx is vulnerable to a denial of service, caused by a β€˜CHECK’ fail in tf.raw_ops.PyFunc. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240398 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41887
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a buffer overflow in the tf.keras.losses.poisson function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240384 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41891
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a segment fault in the tf.raw_ops.TensorListConcat function due to improper input validation. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240388 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41886
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a buffer overflow in the ImageProjectiveTransformV2 function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240383 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41902
**DESCRIPTION:**TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in MakeGrapplerFunctionItem function in grappler. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause the application to crash.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241459 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-41883
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds segment fault in the DynamicStitchimproper function due to improper input validation. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause the executor will crash, and results in a denial of service condition.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240380 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H)

**IBM X-Force ID:**240891
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK fail in TensorListScatter and TensorListScatterV2 functions in eager mode. By supplying non scalar inputs in element_shape, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240891 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Watson Discovery 4.0.0-4.6.0

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.6.2 <https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwatson_queryMatch4.0.0
OR
ibmwatson_queryMatch4.6.0

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

48.4%

Related for 667A5B759A22A7845490952492555B2445F3790EDD8D74BA148189176EC75F2B