Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.MARINER_TENSORFLOW_CVE-2022-41891.NASLHistoryMar 20, 2023 - 12:00 a.m.
CBL Mariner 2.0 Security Update: tensorflow (CVE-2022-41891)
2023-03-2000:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
The version of tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-41891 advisory.
- TensorFlow is an open source platform for machine learning. If
tf.raw_ops.TensorListConcatis givenelement_shape=[], it results segmentation fault which can be used to trigger a denial of service attack.
We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. (CVE-2022-41891)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(172943);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/29");
script_cve_id("CVE-2022-41891");
script_name(english:"CBL Mariner 2.0 Security Update: tensorflow (CVE-2022-41891)");
script_set_attribute(attribute:"synopsis", value:
"The remote CBL Mariner host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore,
affected by a vulnerability as referenced in the CVE-2022-41891 advisory.
- TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given
`element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack.
We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be
included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and
TensorFlow 2.8.4, as these are also affected and still in supported range. (CVE-2022-41891)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-41891");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-41891");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/18");
script_set_attribute(attribute:"patch_publication_date", value:"2022/12/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:python3-tensorflow");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:tensorflow-debuginfo");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:cbl-mariner");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MarinerOS Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CBLMariner/release", "Host/CBLMariner/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/CBLMariner/release');
if (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');
var os_ver = pregmatch(pattern: "CBL-Mariner ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');
os_ver = os_ver[1];
if (! preg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);
if (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);
var pkgs = [
{'reference':'python3-tensorflow-2.11.0-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'tensorflow-debuginfo-2.11.0-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-tensorflow / tensorflow-debuginfo');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | cbl-mariner | python3-tensorflow | p-cpe:/a:microsoft:cbl-mariner:python3-tensorflow |
| microsoft | cbl-mariner | tensorflow-debuginfo | p-cpe:/a:microsoft:cbl-mariner:tensorflow-debuginfo |
| microsoft | cbl-mariner | x-cpe:/o:microsoft:cbl-mariner |
Related
prion
prion
Stack overflow
2022-11-18 22:15:00
cvelist
cvelist
CVE-2022-41891 Segfault in `tf.raw_ops.TensorListConcat` in Tensorflow
2022-11-18 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-11-22 14:13:10
cnvd
cnvd
cbl_mariner
cbl_mariner
CVE-2022-41891 affecting package tensorflow for versions less than 2.11.0-1
2022-12-09 20:03:11
osv
osv
Segfault in `tf.raw_ops.TensorListConcat`
2022-11-21 20:42:18
BIT-tensorflow-2022-41891
2024-03-06 11:11:07
CVE-2022-41891
2022-11-18 22:15:16
cve
cve
CVE-2022-41891
2022-11-18 22:15:00
github
github
Segfault in `tf.raw_ops.TensorListConcat`
2022-11-21 20:42:18
ibm
ibm
nessus
nessus
TensorFlow < 2.10.1 Multiple Vulnerabilities
2024-05-20 00:00:00
TensorFlow < 2.9.3 Multiple Vulnerabilities
2024-05-24 00:00:00
Related for MARINER_TENSORFLOW_CVE-2022-41891.NASL