Wind River Support Network

HomeDefectsLIN1021-4784
Fixed

LIN1021-4784 : Security Advisory - tensorflow - CVE-2022-41880

Created: Nov 18, 2022    Updated: Sep 15, 2024
Resolved Date: Jan 19, 2023
Found In Version: 10.21.20.1
Fix Version: 10.21.20.16
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

TensorFlow is an open source platform for machine learning. When the 'BaseCandidateSamplerOp' function receives a value in 'true_classes' larger than 'range_max', a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

https://nvd.nist.gov/vuln/detail/CVE-2022-41880

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube