IBM Support

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Security Bulletin


Summary

IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow.

Vulnerability Details

CVEID:   CVE-2022-41910
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in the MakeGrapplerFunctionItem function in QuantizeAndDequantizeV2. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241461 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41889
DESCRIPTION:   TensorFlowis vulnerable to a denial of service, caused by a segfault in the pywrap_tfe_src.cc function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240386 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41895
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds read flaw in the MirrorPadGrad function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240391 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41888
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a FPE in the tf.image.generate_bounding_box_proposals function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240385 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41880
DESCRIPTION:   TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw when receiving a value in true_classes larger than range_max in the BaseCandidateSamplerOp function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240379 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H)

CVEID:   CVE-2022-41897
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds read flaw in the FractionalMaxPoolGrad function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240393 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41893
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a CHECK_EQ fail in the tf.raw_ops.TensorListResize function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240389 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41909
DESCRIPTION:   TensorFlowx is vulnerable to a denial of service, caused by segmentation fault in tf.raw_ops.CompositeTensorVariantToComponents function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240399 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41899
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a CHECK fail via inputs in the SdcaOptimizer function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240395 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41901
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a CHECK_EQ fail via inputs in the SparseMatrixNNZ function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240400 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41896
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by improper input validation by the tf.raw_ops.Mfcc function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240392 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41911
DESCRIPTION:   TensorFlowx is vulnerable to a denial of service, caused by invalid char to bool conversion when printing a tensor. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240401 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41894
DESCRIPTION:   TensorFlow is vulnerable to a buffer overflow, caused by improper bounds checking by the CONV_3D_TRANSPOSE function on TFLite. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240390 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-41907
DESCRIPTION:   TensorFlowx is vulnerable to a denial of service, caused by a buffer overflow in the tf.raw_ops.ResizeNearestNeighborGrad function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240396 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41898
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a CHECK fail via inputs in the SparseFillEmptyRowsGrad function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240394 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41890
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a CHECK` fail in BCast overflow. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240387 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41900
DESCRIPTION:   TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap out-of-bounds write flaw in the FractionalMaxPool and FractionalAvgPool functions. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240397 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-41884
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a segment fault in the ndarray_tensor_bridge function due to improper input validation. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240381 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41908
DESCRIPTION:   TensorFlowx is vulnerable to a denial of service, caused by a 'CHECK' fail in tf.raw_ops.PyFunc. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240398 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41887
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a buffer overflow in the tf.keras.losses.poisson function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240384 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41891
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a segment fault in the tf.raw_ops.TensorListConcat function due to improper input validation. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240388 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41886
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a buffer overflow in the ImageProjectiveTransformV2 function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240383 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-41902
DESCRIPTION:   TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in MakeGrapplerFunctionItem function in grappler. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause the application to crash.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241459 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-41883
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds segment fault in the DynamicStitchimproper function due to improper input validation. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause the executor will crash, and results in a denial of service condition.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240380 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H)

IBM X-Force ID:   240891
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a CHECK fail in TensorListScatter and TensorListScatterV2 functions in eager mode. By supplying non scalar inputs in element_shape, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240891 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)Version(s)
Watson Discovery4.0.0-4.6.0

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.6.2 https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

Change History

30 Jan 2023: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

Document Location

Worldwide

[{"Business Unit":{"code":"BU029","label":"Data and AI"},"Product":{"code":"SSUPK6","label":"IBM Watson Discovery"},"Component":"","Platform":[{"code":"PF040","label":"RedHat OpenShift"}],"Version":"4.0.0-4.6.0","Edition":""}]

Document Information

Modified date:
30 January 2023

UID

ibm16855117

Page Feedback