PT-2023-20232 · Google · Tensorflow

R3Pwnx

Publicado

2023-03-24

Atualizado

2024-03-06

CVE-2023-25670

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1

Description TensorFlow is an open source platform for machine learning. The issue is a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Recommendations For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. As a temporary workaround, consider disabling the QuantizedMatMulWithBiasAndDequantize function with MKL enabled until a patch is available.

Exploit

Correção

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

AZL-31214

AZL-35315

BIT-TENSORFLOW-2023-25670

CVE-2023-25670

GHSA-49RQ-HWC3-X77W

Produtos afetados

Tensorflow

PT-2023-20232 · Google · Tensorflow

CVE-2023-25670

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12