CVE-2022-21725

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-21725
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21725.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-21725
Aliases
Downstream
Related
Published
2022-02-03T12:21:02Z
Modified
2025-11-28T04:49:36.327204Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Division by zero in TensorFlow
Details

TensorFlow is an open-source machine learning framework. The cost estimator for some convolution operations can be made to execute a division by zero, because the function does not check that the stride argument is strictly positive. The fix adds a check that the stride argument is valid. The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit onto TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these versions are also affected and still within the supported range.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21725.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type
GIT
Repo
https://github.com/tensorflow/tensorflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.12.0-rc0
0.12.0-rc1
0.12.1
0.5.0
0.6.0

v0.*

v0.10.0
v0.10.0rc0
v0.11.0
v0.11.0rc0
v0.11.0rc1
v0.11.0rc2
v0.12.0
v0.7.0
v0.7.1
v0.8.0rc0
v0.9.0
v0.9.0rc0

v1.*

v1.0.0
v1.0.0-alpha
v1.0.0-rc0
v1.0.0-rc1
v1.0.0-rc2
v1.1.0
v1.1.0-rc0
v1.1.0-rc1
v1.1.0-rc2
v1.12.0
v1.12.0-rc0
v1.12.0-rc1
v1.12.0-rc2
v1.12.1
v1.2.0
v1.2.0-rc0
v1.2.0-rc1
v1.2.0-rc2
v1.3.0-rc0
v1.3.0-rc1
v1.5.0
v1.5.0-rc0
v1.5.0-rc1
v1.6.0
v1.6.0-rc0
v1.6.0-rc1
v1.7.0
v1.7.0-rc0
v1.7.0-rc1
v1.8.0
v1.8.0-rc0
v1.8.0-rc1
v1.9.0
v1.9.0-rc0
v1.9.0-rc1
v1.9.0-rc2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21725.json"

vanir_signatures

[
    {
        "target": {
            "file": "tensorflow/core/grappler/costs/op_level_cost_estimator.cc"
        },
        "deprecated": false,
        "id": "CVE-2022-21725-0203f8c3",
        "digest": {
            "line_hashes": [
                "29833062081792161666005548017870540707",
                "173936579719720292403623256344268395905",
                "29160783919781677157968160320488505638",
                "46641724053112140644611597132945207883",
                "261270657023905031731651365465194925928",
                "105486346789585895539336437586888072762",
                "289327973071283131489257969913949164450",
                "76516525785390465010313759252182543601",
                "284127014168270331662102107889152591197",
                "178395313312912296623329868574203817479",
                "287135384709820192118351208362599442661",
                "317441998762747727523661160254998205124",
                "41170625725517448520778338199456765981",
                "198827970660448144038181471784394097209",
                "104926503999769377536160945162331114012",
                "37634970173969770557892736494643445151",
                "210882890693252372670126435166051300183",
                "305877696380064233814483710788752099459",
                "284127014168270331662102107889152591197",
                "178395313312912296623329868574203817479",
                "76960101022723909949595145506632015511",
                "221687124531385363322685673456230569300",
                "217354339717986963618002739411304571180",
                "144204172908090216876006948281603249115",
                "252348079102387377181133407069772359977",
                "337260350130759872171546754530353032013",
                "40083840401807088813406546839261308202",
                "171588677440116069165806940283230154073",
                "309714159776918146402144475873568820613",
                "178395313312912296623329868574203817479",
                "146009143620014892714354756175184375397",
                "105155588636108355300634373854351623741",
                "83209365193850483367099275848526192971",
                "309714159776918146402144475873568820613",
                "261537981841210438032137704090620271120",
                "35924052532745877776035581383402468909",
                "313733131701288456125085628937097868766",
                "95575575759014163078259649189584545979"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a",
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "tensorflow/core/grappler/costs/op_level_cost_estimator_test.cc"
        },
        "deprecated": false,
        "id": "CVE-2022-21725-11c3562b",
        "digest": {
            "line_hashes": [
                "170921164422964488441798060621330450275",
                "145087031434086507939685739161668472403",
                "98464348392772009462966547162584737076",
                "307029448815549509720744458272872301202",
                "191204749889529602958131077545402679268",
                "43669945047802472791772651896176668023",
                "222728328781793330892851667201763481581",
                "105632016627331921405653063340771650504",
                "220573370481956621355143353405400854134",
                "101574743412873227531523169465394456563",
                "162037738811328696453812074915264864362",
                "94138663486816938200824806803787331483",
                "21651903506955478926663283409209610081",
                "18641428060585684971749251688927803447",
                "309533070058805447338857445006417086587",
                "84312093704981084948134231666715176423"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a",
        "signature_version": "v1"
    },
    {
        "target": {
            "function": "OpLevelCostEstimator::PredictMaxPoolGrad",
            "file": "tensorflow/core/grappler/costs/op_level_cost_estimator.cc"
        },
        "deprecated": false,
        "id": "CVE-2022-21725-1fc1cb68",
        "digest": {
            "length": 1228.0,
            "function_hash": "54919895359600835365622889974832359897"
        },
        "signature_type": "Function",
        "source": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a",
        "signature_version": "v1"
    },
    {
        "target": {
            "function": "OpLevelCostEstimator::PredictAvgPool",
            "file": "tensorflow/core/grappler/costs/op_level_cost_estimator.cc"
        },
        "deprecated": false,
        "id": "CVE-2022-21725-31c1862e",
        "digest": {
            "length": 862.0,
            "function_hash": "151710292831597662859289626391140167822"
        },
        "signature_type": "Function",
        "source": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a",
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "tensorflow/core/grappler/costs/op_level_cost_estimator.h"
        },
        "deprecated": false,
        "id": "CVE-2022-21725-450ea0f9",
        "digest": {
            "line_hashes": [
                "125260892401503456755454313376142544305",
                "39520042007943423542711692751575181984",
                "335449050479408137004993200710478089835",
                "287587699119703991754319260955399474387"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a",
        "signature_version": "v1"
    },
    {
        "target": {
            "function": "OpLevelCostEstimator::PredictFusedBatchNorm",
            "file": "tensorflow/core/grappler/costs/op_level_cost_estimator.cc"
        },
        "deprecated": false,
        "id": "CVE-2022-21725-589e0555",
        "digest": {
            "length": 1194.0,
            "function_hash": "35166802586136732026005820364185328363"
        },
        "signature_type": "Function",
        "source": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a",
        "signature_version": "v1"
    },
    {
        "target": {
            "function": "OpLevelCostEstimator::PredictFusedBatchNormGrad",
            "file": "tensorflow/core/grappler/costs/op_level_cost_estimator.cc"
        },
        "deprecated": false,
        "id": "CVE-2022-21725-5c3da66e",
        "digest": {
            "length": 934.0,
            "function_hash": "21973334131829332070769834111565466465"
        },
        "signature_type": "Function",
        "source": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a",
        "signature_version": "v1"
    },
    {
        "target": {
            "function": "OpLevelCostEstimator::OpDimensionsFromInputs",
            "file": "tensorflow/core/grappler/costs/op_level_cost_estimator.cc"
        },
        "deprecated": false,
        "id": "CVE-2022-21725-6f99050f",
        "digest": {
            "length": 1138.0,
            "function_hash": "79878792015345273602995296816439114011"
        },
        "signature_type": "Function",
        "source": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a",
        "signature_version": "v1"
    },
    {
        "target": {
            "function": "OpLevelCostEstimator::PredictAvgPoolGrad",
            "file": "tensorflow/core/grappler/costs/op_level_cost_estimator.cc"
        },
        "deprecated": false,
        "id": "CVE-2022-21725-8c30f61b",
        "digest": {
            "length": 1017.0,
            "function_hash": "74450886094222473559020773226200763292"
        },
        "signature_type": "Function",
        "source": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a",
        "signature_version": "v1"
    },
    {
        "target": {
            "function": "OpLevelCostEstimator::PredictMaxPool",
            "file": "tensorflow/core/grappler/costs/op_level_cost_estimator.cc"
        },
        "deprecated": false,
        "id": "CVE-2022-21725-951b24cd",
        "digest": {
            "length": 919.0,
            "function_hash": "45069419865403132480880467420472822772"
        },
        "signature_type": "Function",
        "source": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a",
        "signature_version": "v1"
    },
    {
        "target": {
            "function": "ValidateOpDimensionsFromInputs",
            "file": "tensorflow/core/grappler/costs/op_level_cost_estimator_test.cc"
        },
        "deprecated": false,
        "id": "CVE-2022-21725-e3406382",
        "digest": {
            "length": 1518.0,
            "function_hash": "14898863193808163729554561967569096668"
        },
        "signature_type": "Function",
        "source": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a",
        "signature_version": "v1"
    }
]