CVE-2022-21728 — Out-of-bounds Read in Intel Optimization for TensorFlow
Severity
8.1 HIGH (NVD)
EPSS
1.1%
top 22.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 3
Latest update: Feb 9
Description
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negativ…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 2.8 | Impact: 5.2
Affected Packages: 2 packages
Patches
Vulnerability Details (4)
Vendor Advisories (1)
Debian
CVE-2022-21728: tensorflow - Tensorflow is an Open Source Machine Learning Framework. The implementation of s... (2022)