admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#5820

Browse Source 
Auto-merge PR#5820
This commit is contained in:
CVE Team 2022-05-20 19:15:21 -04:00 committed by GitHub
commit fafdfb20a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 115 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
2022/29xxx/CVE-2022-29212.json
View File

@ -1,18 +1,127 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29212",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Core dump when loading TFLite models with quantization in TensorFlow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tensorflow",
"version": {
"version_data": [
{
"version_value": "< 2.6.4"
},
{
"version_value": ">= 2.7.0rc0, < 2.7.2"
},
{
"version_value": ">= 2.8.0rc0, < 2.8.1"
},
{
"version_value": ">= 2.9.0rc0, < 2.9.0"
}
]
}
}
]
},
"vendor_name": "tensorflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8wwm-6264-x792",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8wwm-6264-x792"
},
{
"name": "https://github.com/tensorflow/tensorflow/issues/43661",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/issues/43661"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8"
},
{
"name": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.cc#L114-L123",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.cc#L114-L123"
},
{
"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
},
{
"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
},
{
"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
},
{
"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
}
]
},
"source": {
"advisory": "GHSA-8wwm-6264-x792",
"discovery": "UNKNOWN"
}
}