CVE-2022-23593
Segfault in `simplifyBroadcast` in TensorFlow
Public Exploits: 1
Exploited in Wild: -
Descriptions
TensorFlow is an open source machine learning framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (and hence denial of service) if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version.
Timeline
- 2022-01-19 CVE Reserved
- 2022-02-04 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-09-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-754: Improper Check for Unusual or Exceptional Conditions
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Google | Tensorflow | >= 2.7.0 < 2.8.0 | - | Affected |