Safety vulnerability ID: 44880
The information on this page was manually curated by our Cybersecurity Intelligence Team.
TensorFlow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23595: when building an XLA compilation cache with default settings, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx
Latest version: 2.18.0
TensorFlow is an open source machine learning framework for everyone.
TensorFlow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. See CVE-2022-23595.
CONFIRM: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx
MISC: https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104
MISC: https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8
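A branch-aware check of a TensorFlow version against the fixed releases listed above, as an added example that is not part of the advisory or of TensorFlow. The function names and status labels are hypothetical, and treating branches newer than 2.8 as fixed is an assumption (they were released after the fix landed).

```python
import re
from importlib import metadata

# Fixed releases named on this page: release branch (major, minor) -> first fixed patch.
FIXED_PATCH = {(2, 5): 3, (2, 6): 3, (2, 7): 1, (2, 8): 0}


def classify(version: str) -> str:
    """Classify a TensorFlow version string against the CVE-2022-23595 fix list."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(.*)", version.strip())
    if m is None:
        return "unparseable"
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3))
    if m.group(4):
        # Pre-release or local builds (rc, dev, +local) are not in the fix list,
        # so they are reported for manual review instead of being guessed at.
        return "unverified"
    if branch in FIXED_PATCH:
        # A patched branch: compare only within the same release line, because
        # 2.6.2 is still unpatched even though it sorts after 2.5.3.
        return "fixed" if patch >= FIXED_PATCH[branch] else "needs-upgrade"
    if branch > max(FIXED_PATCH):
        # Assumption: branches released after 2.8 carry the fix.
        return "fixed"
    # Branches older than 2.5: the page names no patched release for them.
    return "no-fix-listed"


def installed_status(package: str = "tensorflow") -> str:
    """Classify the locally installed distribution, if there is one."""
    try:
        return classify(metadata.version(package))
    except metadata.PackageNotFoundError:
        return "not-installed"


if __name__ == "__main__":
    # Constructed sample versions, followed by the local environment.
    for v in ("2.5.2", "2.6.3", "2.7.0", "2.8.0rc0", "2.18.0", "2.4.4"):
        print(f"{v:10s} {classify(v)}")
    print("installed ", installed_status())
```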