CVE-2022-29200: Missing validation causes denial of service via `LSTMBlockCell`
CVSS Score: 5.5 (CVSS v3.1)
Basic Information
CVE ID: CVE-2022-29200
GHSA ID:
EPSS Score: 0.13042%
CWE:
Published: 5/24/2022
Updated: 7/21/2023
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
tensorflow | pip | < 2.6.4 | 2.6.4 |
tensorflow | pip | >= 2.7.0, < 2.7.2 | 2.7.2 |
tensorflow | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-cpu | pip | < 2.6.4 | 2.6.4 |
tensorflow-cpu | pip | >= 2.7.0, < 2.7.2 | 2.7.2 |
tensorflow-cpu | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-gpu | pip | < 2.6.4 | 2.6.4 |
tensorflow-gpu | pip | >= 2.7.0, < 2.7.2 | 2.7.2 |
tensorflow-gpu | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from missing rank validation in LSTMBlockCellOp's Compute implementation. The kernel indexes into its inputs assuming their documented ranks (rank 2 for x, cs_prev, h_prev and w; rank 1 for wci, wcf, wco and b) without first checking them, so a tensor of the wrong rank trips an internal check and aborts the whole process rather than producing an InvalidArgument error. The commit diff shows 15 added OP_REQUIRES statements validating tensor ranks, which were absent in vulnerable versions. The Python PoC demonstrates passing tensors with incorrect ranks (e.g., wco with shape [28,17] instead of rank 1), which crashes unpatched versions. LSTMBlockCell is explicitly named in the impact section of CVE-2022-29200, and the patch addresses it directly by adding the validation logic. Per the vector (AV:L, PR:L, A:H), the attacker needs to be able to run a graph or op call against the affected TensorFlow install, and the only impact is availability; the fix is to move to the first patched version for the 2.6, 2.7 or 2.8 line in use (the same ranges apply to tensorflow-cpu and tensorflow-gpu).
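The following is an added example, not TensorFlow's own code and not the advisory's PoC. It shows two checks a practitioner would want around this CVE: an application-side guard that reproduces the rank and shape constraints the patched kernel now enforces for LSTMBlockCell (so a malformed input is rejected before it reaches a possibly unpatched op), and a version check against the affected ranges from the table above. Shapes are passed as plain tuples so the example runs without TensorFlow; the expected ranks follow the op's documented input shapes, and the sample shapes, including the rank-2 wco mirroring the PoC, are constructed for illustration.

```python
import re
from typing import Dict, List, Tuple

Shape = Tuple[int, ...]

# Expected rank of every LSTMBlockCell input, from the op's documented shapes.
EXPECTED_RANKS: Dict[str, int] = {
    "x": 2,        # [batch, input_size]
    "cs_prev": 2,  # [batch, cell_size]
    "h_prev": 2,   # [batch, cell_size]
    "w": 2,        # [input_size + cell_size, 4 * cell_size]
    "wci": 1,      # [cell_size]
    "wcf": 1,      # [cell_size]
    "wco": 1,      # [cell_size]
    "b": 1,        # [4 * cell_size]
}


def check_lstm_block_cell_inputs(shapes: Dict[str, Shape]) -> List[str]:
    """Return validation errors for a proposed LSTMBlockCell call.

    An empty list means the inputs are consistent. Rank errors are reported
    first and stop further checking, so the shape arithmetic below never
    indexes into a tensor of the wrong rank (the very assumption the
    unpatched kernel made).
    """
    errors: List[str] = []
    for name, rank in EXPECTED_RANKS.items():
        if name not in shapes:
            errors.append(f"{name}: missing")
        elif len(shapes[name]) != rank:
            errors.append(f"{name}: expected rank {rank}, got shape {shapes[name]}")
    if errors:
        return errors

    batch, input_size = shapes["x"]
    cell_size = shapes["cs_prev"][1]
    expected_shapes = {
        "cs_prev": (batch, cell_size),
        "h_prev": (batch, cell_size),
        "w": (input_size + cell_size, 4 * cell_size),
        "wci": (cell_size,),
        "wcf": (cell_size,),
        "wco": (cell_size,),
        "b": (4 * cell_size,),
    }
    for name, want in expected_shapes.items():
        if shapes[name] != want:
            errors.append(f"{name}: expected shape {want}, got {shapes[name]}")
    return errors


def _parse_version(version: str) -> Tuple[int, int, int]:
    """Parse the leading major.minor.patch of a pip version string."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


# Affected ranges from the advisory table: lower bound inclusive,
# first patched version exclusive. Same ranges for tensorflow,
# tensorflow-cpu and tensorflow-gpu.
AFFECTED_RANGES = [
    ((0, 0, 0), (2, 6, 4)),
    ((2, 7, 0), (2, 7, 2)),
    ((2, 8, 0), (2, 8, 1)),
]


def is_affected(version: str) -> bool:
    """True if the given TensorFlow version is in a vulnerable range."""
    parsed = _parse_version(version)
    return any(low <= parsed < high for low, high in AFFECTED_RANGES)


# Constructed sample shapes: batch=28, input_size=11, cell_size=17.
VALID_SHAPES: Dict[str, Shape] = {
    "x": (28, 11),
    "cs_prev": (28, 17),
    "h_prev": (28, 17),
    "w": (28, 68),
    "wci": (17,),
    "wcf": (17,),
    "wco": (17,),
    "b": (68,),
}
# Same call with wco given rank 2, as in the PoC described above.
POC_SHAPES: Dict[str, Shape] = dict(VALID_SHAPES, wco=(28, 17))

if __name__ == "__main__":
    for label, shapes in (("valid", VALID_SHAPES), ("poc", POC_SHAPES)):
        print(label, check_lstm_block_cell_inputs(shapes) or "ok")
    for v in ("2.6.3", "2.6.4", "2.8.0", "2.8.1", "2.9.0"):
        print(v, "affected" if is_affected(v) else "patched")
```

Use `is_affected` against the output of `pip show tensorflow` (or `tf.__version__`) in a deployment check, and call `check_lstm_block_cell_inputs` with the `.shape` tuples of the tensors you are about to hand to `tf.raw_ops.LSTMBlockCell`; on a patched build the guard is redundant with the kernel's own OP_REQUIRES checks, but it still turns a hard process abort on an unpatched build into a catchable error.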