CVE-2022-23593

Tensorflow is an Open Source Machine Learning Framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector. The fix will be included in TensorFlow 2.8.0. This is the only affected version.

Published: Feb 5, 2022
Updated: May 9, 2024
CVE: CVE-2022-23593
GHSA: GHSA-gwcx-jrx4-92w2
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-754

Affected Software
References

Software	From	Fixed in
google / tensorflow	2.7.0	2.8.0
tensorflow	2.8.0-rc0	2.8.0-rc0.x
tensorflow	2.8.0-rc0	2.8.0
tensorflow-cpu	2.8.0-rc0	2.8.0-rc0.x
tensorflow-cpu	2.8.0-rc0	2.8.0
tensorflow-gpu	2.8.0-rc0	2.8.0-rc0.x
tensorflow-gpu	2.8.0-rc0	2.8.0

https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-102.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-157.yaml
https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc#L149-L205
https://github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2

Vulnerability Database

289,784

CVE-2022-23593