PT-2022-26138 · Google · Tensorflow
Neophytos Christou
·
Published
2022-11-18
·
Updated
2024-03-06
·
CVE-2022-41907
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.11
TensorFlow versions 2.10.1, 2.9.3, and 2.8.4
Description
The issue occurs when
tf.raw ops.ResizeNearestNeighborGrad is given a large size input, causing an overflow. This can be exploited with a specific input, such as size = tf.constant([1879048192,1879048192], shape=[2], dtype=tf.int32).Recommendations
For TensorFlow versions prior to 2.11, update to version 2.11 or later.
For TensorFlow versions 2.10.1, 2.9.3, and 2.8.4, apply the patch from GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624.
As a temporary workaround, consider restricting the use of the
tf.raw ops.ResizeNearestNeighborGrad function with large size inputs until a patch is applied.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tensorflow