CVE-2022-21736

Description

Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse tensor. However, there are some preconditions that these arguments must satisfy but these are not validated in the implementation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

How to fix CVE-2022-21736

To remediate CVE-2022-21736, upgrade the affected package to a fixed version below.

• —upgrade to 2.5.3 or later
• —upgrade to 2.5.3 or later
• —upgrade to 2.5.3 or later
• —upgrade to 965b97e4a9650495cda5a8c210ef6684b4b9eceb or later
• —upgrade to 2.5.3 or later
• —upgrade to 965b97e4a9650495cda5a8c210ef6684b4b9eceb or later

Is CVE-2022-21736 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (6)

• from 0, < 2.5.3, >= 2.6.0, < 2.6.3, >= 2.7.0, < 2.7.1
• from 0, < 2.5.3
• from 0, < 2.5.3
• from 0, < 965b97e4a9650495cda5a8c210ef6684b4b9eceb | from 0, < 2.5.3, >= 2.6.0, < 2.6.3
• from 0, < 2.5.3
• from 0, < 965b97e4a9650495cda5a8c210ef6684b4b9eceb | from 0, < 2.5.3, >= 2.6.0, < 2.6.3

CVSS scores

References (7)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-21736
• PATCHgithub.com/tensorflow/tensorflow
• WEBgithub.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-60.yaml
• WEBgithub.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-115.yaml