AI Threat Alert
CVE-2022-29211
MEDIUMTensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values...
Full analysis pending. Showing NVD description excerpt.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
Severity & Risk
Recommended Action
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Technical Details
NVD Description
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References
- github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc 3rd Party
- github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc 3rd Party
- github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5 Patch 3rd Party
- github.com/tensorflow/tensorflow/issues/45770 Exploit Issue Patch 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.6.4 Release 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.7.2 Release 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.8.1 Release 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.9.0 Release 3rd Party
- github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w Exploit Patch 3rd Party
- github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc 3rd Party
- github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc 3rd Party
- github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5 Patch 3rd Party
- github.com/tensorflow/tensorflow/issues/45770 Exploit Issue Patch 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.6.4 Release 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.7.2 Release 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.8.1 Release 3rd Party
- github.com/tensorflow/tensorflow/releases/tag/v2.9.0 Release 3rd Party
- github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w Exploit Patch 3rd Party