← Retour aux CVEs

CVE-2022-29212

MEDIUM

5.5

Description

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Details CVE

Score CVSS v3.15.5

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie5/21/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

google:tensorflow

Faiblesses (CWE)

CWE-20

References

https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.cc#L114-L123(security-advisories@github.com)

https://github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8(security-advisories@github.com)

https://github.com/tensorflow/tensorflow/issues/43661(security-advisories@github.com)

https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4(security-advisories@github.com)

https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2(security-advisories@github.com)

https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1(security-advisories@github.com)

https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0(security-advisories@github.com)

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8wwm-6264-x792(security-advisories@github.com)

https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.cc#L114-L123(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/tensorflow/tensorflow/issues/43661(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8wwm-6264-x792(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.