CVE-2022-29213

Summary

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes (due to CHECK-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

Affected Software

VendorProductVersion RangeStatus
tensorflowtensorflow< 2.6.4affected
tensorflowtensorflow>= 2.7.0rc0, < 2.7.2affected
tensorflowtensorflow>= 2.8.0rc0, < 2.8.1affected
tensorflowtensorflow>= 2.9.0rc0, < 2.9.0affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References