TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
References
Link | Resource |
---|---|
https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.cc#L114-L123 | Third Party Advisory |
https://github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8 | Patch Third Party Advisory |
https://github.com/tensorflow/tensorflow/issues/43661 | Exploit Issue Tracking Third Party Advisory |
https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 | Release Notes Third Party Advisory |
https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 | Release Notes Third Party Advisory |
https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 | Release Notes Third Party Advisory |
https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0 | Release Notes Third Party Advisory |
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8wwm-6264-x792 | Exploit Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
03 Jun 2022, 15:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:google:tensorflow:2.8.0:rc0:*:*:*:*:*:* cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:* cpe:2.3:a:google:tensorflow:2.8.0:rc1:*:*:*:*:*:* cpe:2.3:a:google:tensorflow:2.8.0:-:*:*:*:*:*:* cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:* cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:* cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:* cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
References | (MISC) https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.cc#L114-L123 - Third Party Advisory | |
References | (MISC) https://github.com/tensorflow/tensorflow/issues/43661 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8 - Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8wwm-6264-x792 - Exploit, Patch, Third Party Advisory |
21 May 2022, 03:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-21 00:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-29212
Mitre link : CVE-2022-29212
CVE.ORG link : CVE-2022-29212
JSON object : View
Products Affected
- tensorflow
CWE
CWE-20
Improper Input Validation