CVE-2022-23565: `CHECK`-failures in TensorFlow

CVSS Score: 6.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.30463%
Published: 2/9/2022
Updated: 11/13/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tensorflow | pip | < 2.5.3 | 2.5.3 |
| tensorflow | pip | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow | pip | = 2.7.0 | 2.7.1 |
| tensorflow-cpu | pip | < 2.5.3 | 2.5.3 |
| tensorflow-cpu | pip | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-cpu | pip | = 2.7.0 | 2.7.1 |
| tensorflow-gpu | pip | < 2.5.3 | 2.5.3 |
| tensorflow-gpu | pip | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-gpu | pip | = 2.7.0 | 2.7.1 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from a `DCHECK` assertion in `RepeatedAttrDefEqual` that enforced `AttrDef` name uniqueness. The patch replaced this assertion with an error log (commit c2b31ff). This matches the vulnerability description of `CHECK`-failures caused by duplicated `AttrDef`s. The function's role in comparing operation attributes and the direct modification in the security patch provide high confidence in this assessment.

WAF Protection Rules

WAF Rule

### Impact
An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated.

### Patches
We have patched the issue in GitHub commit [****************************
