CVE-2022-41902

Description

### Impact The function [MakeGrapplerFunctionItem](https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221) takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. ### Patches We have patched the issue in GitHub commit [a65411a1d69edfb16b25907ffb8f73556ce36bb7](https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7). The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

How to fix CVE-2022-41902

To remediate CVE-2022-41902, upgrade the affected package to a fixed version below.

• —upgrade to 2.8.4 or later
• —upgrade to 2.8.4 or later
• —upgrade to 2.8.4 or later
• —upgrade to 2.8.4 or later

Is CVE-2022-41902 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (4)

• from 0, < 2.8.4, >= 2.9.0, < 2.9.3, >= 2.10.0, < 2.10.1
• from 0, < 2.8.4
• from 0, < 2.8.4
• from 0, < 2.8.4

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-41902
• PATCHgithub.com/tensorflow/tensorflow
• WEBgithub.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221
• WEBgithub.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7