Learn about CVE-2023-25673: a high-impact vulnerability in TensorFlow versions prior to 2.12.0 and 2.11.1. Update to mitigate the risk.
CVE-2023-25673 is a vulnerability in TensorFlow: a Floating Point Exception in TensorListSplit with XLA.
Understanding CVE-2023-25673
This section provides an overview of the CVE-2023-25673 vulnerability in TensorFlow.
What is CVE-2023-25673?
TensorFlow, an open-source platform for machine learning, is affected by this vulnerability in versions prior to 2.12.0 and 2.11.1. The issue is a Floating Point Exception in TensorListSplit with XLA. The fix is included in TensorFlow 2.12.0 and 2.11.1.
The Impact of CVE-2023-25673
The impact of this vulnerability is rated as high, with a base score of 7.5. It has a high availability impact, affecting the integrity of the system. The attack vector is the network, and the attack complexity is low.
Technical Details of CVE-2023-25673
In this section, we delve into the technical aspects of CVE-2023-25673.
Vulnerability Description
The vulnerability involves a Floating Point Exception in TensorListSplit with XLA in TensorFlow versions prior to 2.12.0 and 2.11.1.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability can be exploited through the network with low attack complexity, leading to a high impact on system availability.
Mitigation and Prevention
To address and prevent the risks associated with CVE-2023-25673, follow these mitigation strategies.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
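As an added example (not from the original page or the TensorFlow project), the following script audits a requirements file against the fixed versions named above, 2.11.1 and 2.12.0. The package list, the sample input, and the conservative treatment of pre-release builds of the fixed versions as affected are assumptions.

```python
import re

# Fixed releases named on the page for CVE-2023-25673.
FIXED_RELEASES = {(2, 11, 1), (2, 12, 0)}
FIRST_FIXED = min(FIXED_RELEASES)
# Assumption: these PyPI distributions carry the same affected code.
PACKAGES = {"tensorflow", "tensorflow-cpu", "tensorflow-gpu"}

NAME = re.compile(r"^([A-Za-z0-9._-]+)")
PIN = re.compile(r"^[A-Za-z0-9._-]+\s*(?:\[[^\]]*\])?\s*==\s*"
                 r"(\d+)\.(\d+)(?:\.(\d+))?([A-Za-z.][\w.]*)?")
PRERELEASE = re.compile(r"\.?(a|b|rc|dev)\d*", re.I)

def is_affected(release, suffix=""):
    """True if the version predates the fixes for CVE-2023-25673."""
    if release < FIRST_FIXED:
        return True
    # Assumption: a pre-release of a fixed version may have been cut before the fix.
    return release in FIXED_RELEASES and bool(PRERELEASE.match(suffix or ""))

def audit(requirements_text):
    """Return (line_no, package, version, status) per TensorFlow requirement."""
    findings = []
    for no, raw in enumerate(requirements_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        name = NAME.match(line)
        if not name or name.group(1).lower().replace("_", "-") not in PACKAGES:
            continue
        pin = PIN.match(line)
        if not pin or "*" in line:
            # Ranges and wildcards need the resolved version from the lock file.
            findings.append((no, name.group(1), None, "unpinned"))
            continue
        release = (int(pin.group(1)), int(pin.group(2)), int(pin.group(3) or 0))
        suffix = pin.group(4) or ""
        version = ".".join(map(str, release)) + suffix
        status = "affected" if is_affected(release, suffix) else "fixed"
        findings.append((no, name.group(1), version, status))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """numpy==1.24.2
tensorflow==2.10.0   # constructed sample pin
tensorflow-cpu==2.11.1
tensorflow-gpu==2.12.0rc1
tensorflow>=2.9
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Lines reported as "unpinned" need the version that was actually installed, for example from a lock file or from `pip show`.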