CVE-2022-41910
Heap overflow in `QuantizeAndDequantizeV2`
Description
### Impact The function [MakeGrapplerFunctionItem](https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221) takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. ```python import tensorflow as tf @tf.function def test(): tf.raw_ops.QuantizeAndDequantizeV2(input=[2.5], input_min=[1.0], input_max=[10.0], signed_input=True, num_bits=1, range_given=True, round_mode='HALF_TO_EVEN', narrow_range=True, axis=0x7fffffff) test() ``` ### Patches We have patched the issue in GitHub commit [7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb](https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb). The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.
How to fix CVE-2022-41910
To remediate CVE-2022-41910, upgrade the affected package to a fixed version below.
- —upgrade to 2.8.4 or later
- —upgrade to 2.8.4 or later
- —upgrade to 2.8.4 or later
- —upgrade to 2.8.4 or later
Is CVE-2022-41910 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.