Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow.

Vulnerability Details

CVEID:   CVE-2022-21741
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a divide-by-zero condition in the implementation of depthwise convolutions in TFLite. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218738 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21738
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an integer overflow condition in the implementation of SparseCountSparseOutput. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218743 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21734
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an assertion failure in MapStage if the key tensor is not scalar. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218755 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21730
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read in FractionalAvgPoolGrad. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218766 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2022-21729
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a divide by zero error in UnravelIndex. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218767 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21727
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an integer overflow in Dequantize. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218769 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2022-23567
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a flaw in Sparse*Cwise when building new TensorShape objects. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218739 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21737
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an assertion failure in the implementation of *Bincount operations. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218744 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21733
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by missing validation in pad_width. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218756 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-21732
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by excessive memory allocation in ThreadPoolHandle. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218757 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-23569
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an assertion failure. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218736 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21728
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read in ReverseSequence. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218768 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2022-21726
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read in Dequantize. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218770 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2022-21740
DESCRIPTION:   TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the implementation of SparseCountSparseOutput. By sending a specially-crafted HTTP request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218741 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2022-21736
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in SparseTensorSliceDataset. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218753 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2022-21735
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a divide-by-zero error in FractionalMaxPool. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218754 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21731
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a flaw in the shape inference for ConcatV2. A remote authenticated attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218765 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23568
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an assertion failure in AddManySparseToTensorsMap when building new TensorShape objects. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218737 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21725
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a divide-by-zero error in the estimator for the cost of some convolution operations. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218771 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21739
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a reference binding to a null pointer in the implementation of QuantizedMaxPool. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218742 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23581
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a 'CHECK' failure. By sending a specially-crafted request with an altered SavedModel (IsSimplifiableReshape), a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218966 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23595
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference when building an XLA compilation cache using default settings. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218893 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23577
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in the implementation of GetInitOp. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218970 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23587
DESCRIPTION:   TensorFlow could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow during cost estimation for crop and resize operations. By sending a specially-crafted request using the cropping parameters, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218897 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-23572
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a failure to specialize a type during shape inference. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219144 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23592
DESCRIPTION:   TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap out-of-bounds read in the index.php script. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218901 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2022-23571
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a CHECK-fail when decoding invalid tensors from proto. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219145 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23591
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a stack-based buffer overflow by the GraphDef format. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218902 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23580
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by allocating a vector that is too large. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218967 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23594
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a flaw in the TFG dialect when making assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218894 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID:   CVE-2022-23575
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an integer overflow in the implementation of OpLevelCostEstimator::CalculateTensorSize. By creating an operation which would use a large enough number of elements, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219132 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23586
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an assertion failure in function.cc. By altering a SavedModel, a remote authenticated attacker could exploit this vulnerability to crash the Python interpreter.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218898 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23570
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference when specializing tensor type. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219146 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23585
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a memory leak when decoding PNG files by the png::CommonInitDecode(..., &decode) component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218899 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-23590
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by altering a GraphDef from a TensorFlow SavedModel. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218903 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23579
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a 'CHECK' failure. By sending a specially-crafted request with an altered SavedModel (SafeToRemoveIdentity), a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218968 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23593
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a flaw in the simplifyBroadcast function when called with scalar shapes. A remote attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218895 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23574
DESCRIPTION:   TensorFlow is vulnerable to a heap-based buffer overflow, caused by a typo in SpecializeType. By sending a specially-crafted request, a remote authenticated attacker could read and write to outside of bounds data.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219142 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-23566
DESCRIPTION:   TensorFlow is vulnerable to a heap-based buffer overflow, caused by a heap out-of-bounds write in Grappler. By sending a specially-crafted request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219147 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-23588
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a check failure in the Grappler optimizer. By altering a SavedModel using a reference dtype, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218896 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23573
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an uninitialized variable in the implementation of AssignOp. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219143 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2022-23584
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a use-after-free flaw when decoding PNG images by the png::CommonFreeDecode(&decode) component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218900 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2022-23583
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a type confusion. By sending a specially-crafted request with an altered SavedModel, a remote authenticated attacker could exploit this vulnerability to cause a 'CHECK' failure, leading to a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218964 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23589
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in the Grappler component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218892 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23578
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a memory leak in the implementation of ImmutableExecutorState::Initialize. By sending a specially-crafted request with an invalid graph node, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218969 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23563
DESCRIPTION:   TensorFlow could allow a local authenticated attacker to bypass security restrictions, caused by an insecure temporary file flaw in the mktemp function. By sending a specially-crafted request, an attacker could exploit this vulnerability to create files between the check for the filename.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219212 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2022-23565
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an assertion failure. By altering a SavedModel on disk with repeated AttrDef, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219214 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23582
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an overflow of the size of an 'int'. By sending a specially-crafted request with an altered SavedModel (TensorByteSize), a remote attacker could exploit this vulnerability to cause a 'CHECK' failure, leading to a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218965 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23559
DESCRIPTION:   TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow during embedding lookup operations. By using a specially-crafted TFLite model, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219208 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-23576
DESCRIPTION:   TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the implementation of OpLevelCostEstimator::CalculateOutputSize. An attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218971 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23560
DESCRIPTION:   TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds read/write flaw in arrays of TFLite. By using a specially-crafted TFLite model, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219209 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-23564
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a flaw when decoding a resource handle tensor from protobuf. By sending specially-crafted arguments, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition in processes.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219213 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23557
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a division by zero in the BiasAndClamp implementation. By using a specially-crafted TFLite model, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219206 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23561
DESCRIPTION:   TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in arrays of TFLite. By using a specially-crafted TFLite model, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219210 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-23558
DESCRIPTION:   TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow during TFLite array creation. By using a specially-crafted TFLite model, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219207 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2022-23562
DESCRIPTION:   TensorFlow could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the implementation of Range. By using a specially-crafted TFLite model, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219211 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

Affected Products and Versions

Affected Product(s)    Version(s)
Watson Discovery       4.0.0-4.0.6
Watson Discovery       2.0.0-2.2.1

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.0.7

Upgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-9

https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install

https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data

Workarounds and Mitigations

None

References

Change History

17 Mar 2022: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

Document Information

Modified date:
30 March 2022

UID

ibm16564605