CVE-2022-29204
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
Published
2022-05-20T23:15:44.610
Last Modified
2025-06-25T21:00:03.170
Status
Analyzed
Source
[email protected]
Severity
CVSSv3.1: 5.5 (MEDIUM)
CVSSv2 Vector
AV:L/AC:L/Au:N/C:N/I:N/A:P
- Access Vector: LOCAL
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: PARTIAL
Exploitability Score
3.9
Impact Score
2.9
Weaknesses
-
Type: Secondary
CWE-20
CWE-191
-
Type: Primary
CWE-20
Affected Vendors & Products
References
-
https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L83-L14
Third Party Advisory
([email protected])
-
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md
Patch, Third Party Advisory
([email protected])
-
https://github.com/tensorflow/tensorflow/commit/20cb18724b0bf6c09071a3f53434c4eec53cc147
Patch, Third Party Advisory
([email protected])
-
https://github.com/tensorflow/tensorflow/commit/84563f265f28b3c36a15335c8b005d405260e943
Patch, Third Party Advisory
([email protected])
-
https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4
Release Notes, Third Party Advisory
([email protected])
-
https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2
Release Notes, Third Party Advisory
([email protected])
-
https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1
Release Notes, Third Party Advisory
([email protected])
-
https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0
Release Notes, Third Party Advisory
([email protected])
-
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hx9q-2mx4-m4pg
Exploit, Patch, Third Party Advisory
([email protected])
-
https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L83-L14
Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md
Patch, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://github.com/tensorflow/tensorflow/commit/20cb18724b0bf6c09071a3f53434c4eec53cc147
Patch, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://github.com/tensorflow/tensorflow/commit/84563f265f28b3c36a15335c8b005d405260e943
Patch, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4
Release Notes, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2
Release Notes, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1
Release Notes, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0
Release Notes, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hx9q-2mx4-m4pg
Exploit, Patch, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)