Learn about CVE-2022-29203 impacting TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4 due to an integer overflow vulnerability in `SpaceToBatchND`.
TensorFlow is an open-source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` is vulnerable to an integer overflow. This vulnerability can lead to a denial of service via a `CHECK` failure. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 have patches available to address this issue.
Understanding CVE-2022-29203
This CVE impacts TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4 due to an integer overflow vulnerability in the implementation of `SpaceToBatchND`.
What is CVE-2022-29203?
The vulnerability in `SpaceToBatchND` allows attackers to trigger a denial-of-service condition by exploiting an integer overflow in certain versions of TensorFlow.
The Impact of CVE-2022-29203
With a CVSS 3.1 base score of 5.5 (Medium severity), this vulnerability has a low attack complexity and requires local access. It can result in high availability impact and does not affect confidentiality or integrity.
Technical Details of CVE-2022-29203
Vulnerability Description
The vulnerability is an integer overflow in the implementation of `SpaceToBatchND`, potentially leading to a denial of service through a `CHECK` failure.
Affected Systems and Versions
TensorFlow installations running versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4 are affected; 2.9.0, 2.8.1, 2.7.2, and 2.6.4 are the fixed releases.
Exploitation Mechanism
Attackers with local access can exploit the integer overflow in `SpaceToBatchND` to trigger a denial-of-service condition in affected versions.
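The overflow described above sits in the op's shape arithmetic. As an added example (not TensorFlow's own code), the following Python models the documented output-shape rule of `SpaceToBatchND` with overflow-checked addition and multiplication, so that an oversized shape is rejected with an error instead of reaching a process-aborting `CHECK`; the function names and the `validate_space_to_batch_nd` wrapper are assumptions for illustration.

```python
# Added illustration, not TensorFlow's own code: the shape arithmetic of
# SpaceToBatchND (per its documented semantics) with explicit int64 overflow
# checks, usable as a pre-check before passing untrusted shapes to the op.
INT64_MAX = 2**63 - 1

def checked_mul(a, b):
    """Multiply non-negative ints, raising OverflowError past int64."""
    if a and b > INT64_MAX // a:
        raise OverflowError(f"{a} * {b} exceeds int64")
    return a * b

def checked_add(a, b):
    """Add non-negative ints, raising OverflowError past int64."""
    if a > INT64_MAX - b:
        raise OverflowError(f"{a} + {b} exceeds int64")
    return a + b

def space_to_batch_nd_output_shape(input_shape, block_shape, paddings):
    """Output shape: batch * prod(block_shape), then each padded spatial
    dim divided by its block size, then the remaining dims unchanged."""
    m = len(block_shape)
    if len(paddings) != m or len(input_shape) < m + 1:
        raise ValueError("rank mismatch between input, block_shape, paddings")
    if any(d < 0 for d in input_shape):
        raise ValueError("negative input dimension")
    block_product = 1
    spatial = []
    for i, b in enumerate(block_shape):
        lo, hi = paddings[i]
        if b < 1 or lo < 0 or hi < 0:
            raise ValueError("block_shape must be >= 1, paddings >= 0")
        padded = checked_add(checked_add(input_shape[i + 1], lo), hi)
        if padded % b:
            raise ValueError(f"padded dim {padded} not divisible by {b}")
        spatial.append(padded // b)
        block_product = checked_mul(block_product, b)  # overflow-checked
    out_batch = checked_mul(input_shape[0], block_product)  # overflow-checked
    return [out_batch] + spatial + list(input_shape[m + 1:])

def validate_space_to_batch_nd(input_shape, block_shape, paddings):
    """Return ('ok', shape), ('overflow', msg) or ('invalid', msg) instead
    of letting a bad shape reach a process-aborting CHECK in the op."""
    try:
        return "ok", space_to_batch_nd_output_shape(input_shape, block_shape, paddings)
    except OverflowError as e:
        return "overflow", str(e)
    except ValueError as e:
        return "invalid", str(e)
```

The constructed inputs in the test below show a well-formed shape, an overflowing batch product, an overflowing padded dimension, and a non-divisible padded dimension.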
Mitigation and Prevention
It is crucial to take immediate steps to address and prevent exploitation of CVE-2022-29203.
Immediate Steps to Take
Users should update their TensorFlow installations to versions 2.9.0, 2.8.1, 2.7.2, or 2.6.4 that contain patches for the integer overflow vulnerability.
Long-Term Security Practices
Regularly update TensorFlow to the latest version to ensure that known vulnerabilities are patched promptly.
Patching and Updates
Stay informed about security advisories and update TensorFlow promptly whenever new patches are released.