CVE-2022-29210

{"id": "CVE-2022-29210", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-05-21T00:15:11.583", "references": [{"url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/framework/tensor_key.h#L53-L64", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/commit/1b85a28d395dc91f4d22b5f9e1e9a22e92ccecd6", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hc2f-7r5r-r2hg", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-120"}, {"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types such as `tstring` include pointers, whereas they needed to hash the string values themselves. This issue is patched in Tensorflow versions 2.9.0 and 2.8.1."}, {"lang": "es", "value": "TensorFlow es una plataforma de c\u00f3digo abierto para el aprendizaje autom\u00e1tico. En la versi\u00f3n 2.8.0, la funci\u00f3n hash \"TensorKey\" usaba el total estimado de \"AllocatedBytes()\", que (a) es una estimaci\u00f3n por tensor, y (b) es una funci\u00f3n hash muy pobre para constantes (por ejemplo, \"int32_t\"). Tambi\u00e9n intent\u00f3 acceder a bytes individuales del tensor mediante \"tensor.data()\" de tama\u00f1o \"AllocatedBytes()\". Esto conllevaba a fallos de ASAN porque \"AllocatedBytes()\" es una estimaci\u00f3n del total de bytes asignados por un tensor, incluyendo cualquier construcci\u00f3n apuntada (por ejemplo, cadenas), y no es referido a bytes contiguos en el buffer \".data()\". Los detectores no pod\u00edan usar este vector de bytes de todos modos porque tipos como \"tstring\" incluyen punteros, mientras que ellos necesitaban hacer un hash de los valores de las cadenas por s\u00ed mismos. Este problema est\u00e1 parcheado en Tensorflow versiones 2.9.0 y 2.8.1"}], "lastModified": "2023-06-28T20:26:37.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:tensorflow:2.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3684238-B1B8-4134-9FED-8A3733E1F39B"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}