TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.SpaceToBatchND (in all backends, such as XLA and handwritten kernels) is vulnerable to an integer overflow. The result of this integer overflow is used to allocate the output tensor, which leads to a denial of service via a CHECK-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
{ "vanir_signatures": [ { "source": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf", "signature_version": "v1", "deprecated": false, "signature_type": "Line", "target": { "file": "tensorflow/core/kernels/spacetobatch_op.cc" }, "digest": { "line_hashes": [ "17718085908520515107325851092809267098", "100518190061585209743272272407313854375", "219576023251389293359837702686207124426", "84694306866138457362654534632095757784", "51372332237449159011864489942835790588", "274189993518247512168765481683543318053", "195534684524187407523107047399496492982", "112430630496530627995690967552695815665", "33117649505453962199405658304646998908", "106610045825724295510559805522878687420", "125575692645271117381956794172362760799", "273933688189289192062201521965133452768", "150260384742925615266140781595949429103", "284571824162753493148410510495409575183", "331963711679278445960732951144560447117", "218585203851727535600856806338065858775", "150672828458825547610171688233933951646", "118345193977764138620240676688526042316", "80069495370107174864122275041983046009" ], "threshold": 0.9 }, "id": "CVE-2022-29203-22c2eb8b" }, { "source": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf", "signature_version": "v1", "deprecated": false, "signature_type": "Function", "target": { "file": "tensorflow/core/framework/shape_inference.cc", "function": "InferenceContext::Multiply" }, "digest": { "function_hash": "244608232376349290355275370198825272882", "length": 673.0 }, "id": "CVE-2022-29203-4ccf78a3" }, { "source": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf", "signature_version": "v1", "deprecated": false, "signature_type": "Function", "target": { "file": "tensorflow/compiler/tf2xla/kernels/spacetobatch_op.cc", "function": "SpaceToBatch" }, "digest": { "function_hash": "11519380059127676155829356355540856491", "length": 2946.0 }, "id": "CVE-2022-29203-72788656" 
}, { "source": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf", "signature_version": "v1", "deprecated": false, "signature_type": "Function", "target": { "file": "tensorflow/core/kernels/spacetobatch_op.cc", "function": "SpaceToBatchOpCompute" }, "digest": { "function_hash": "311557338129562187630573912197409089867", "length": 3701.0 }, "id": "CVE-2022-29203-99d3fd22" }, { "source": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf", "signature_version": "v1", "deprecated": false, "signature_type": "Line", "target": { "file": "tensorflow/compiler/tf2xla/kernels/spacetobatch_op.cc" }, "digest": { "line_hashes": [ "180931306337023767081292087613466298962", "50742862269200454104534819673739982137", "118517565880425433876754403540691906058", "202062702390424477015856265284857277273", "248716087921289306879161593799308882201", "152995802069657011399118940642630662232", "129470876752129267078572594184059292075", "24886298497828954109026485075299783837", "237955875609890945008376412736518577137", "292531565003349466933507066103911653471", "160786535535478670681132414188677668449", "9082738128263018614241009073271097751", "62347839365166248092989209599749666136", "2745340606011281618657879117146825926", "323480060254551625087190847870356846202", "54912044755040583884144205162831626854", "7138437991244903286287711919486798518", "28583145229833160004125826387923437348", "208521765559288840760924969878955473012", "76263909524580169897990506459677848762", "205344369897553234786474683217369267816", "156397671296120044247697265854916406925", "284076562308781589796780044997315142642" ], "threshold": 0.9 }, "id": "CVE-2022-29203-a82455f3" }, { "source": "https://github.com/tensorflow/tensorflow/commit/acd56b8bcb72b163c834ae4f18469047b001fadf", "signature_version": "v1", "deprecated": false, "signature_type": "Line", "target": { "file": "tensorflow/core/framework/shape_inference.cc" }, "digest": { 
"line_hashes": [ "163200288079871937361632418310663185541", "133096278431153779393909512307039290929", "319767082537894838227723998957548553946", "139785361767140929825706846173804984323", "300551714494120540444413724295513711717", "158348036416159102080705256765102653211", "326821126047948735940996775343904925400", "19029843005429777095249604076239156568" ], "threshold": 0.9 }, "id": "CVE-2022-29203-aa10613e" } ] }