AI Threat Alert
CVE-2022-29209
MEDIUMTensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`,...
Full analysis pending. Showing NVD description excerpt.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
Severity & Risk
Recommended Action
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Technical Details
NVD Description
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References
- github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/platform/default/logging.h 3rd Party
- github.com/tensorflow/tensorflow/commit/b917181c29b50cb83399ba41f4d938dc369109a1 Patch 3rd Party
- github.com/tensorflow/tensorflow/issues/55530 Exploit Issue 3rd Party
- github.com/tensorflow/tensorflow/pull/55730 Exploit Issue Patch 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.6.4 Release 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.7.2 Release 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.8.1 Release 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.9.0 Release 3rd Party
- github.com/tensorflow/tensorflow/security/advisories/GHSA-f4rr-5m7v-wxcw Exploit Patch 3rd Party
- github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/platform/default/logging.h 3rd Party
- github.com/tensorflow/tensorflow/commit/b917181c29b50cb83399ba41f4d938dc369109a1 Patch 3rd Party
- github.com/tensorflow/tensorflow/issues/55530 Exploit Issue 3rd Party
- github.com/tensorflow/tensorflow/pull/55730 Exploit Issue Patch 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.6.4 Release 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.7.2 Release 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.8.1 Release 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.9.0 Release 3rd Party
- github.com/tensorflow/tensorflow/security/advisories/GHSA-f4rr-5m7v-wxcw Exploit Patch 3rd Party