Wind River Support Network

HomeDefectsLIN1022-2442
Fixed

LIN1022-2442 : Security Advisory - tensorflow - CVE-2022-41880

Created: Nov 17, 2022    Updated: Mar 22, 2023
Resolved Date: Feb 15, 2023
Found In Version: 10.22.33.1
Fix Version: 10.22.33.6
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace

Description

TensorFlow is an open source platform for machine learning. When the 'BaseCandidateSamplerOp' function receives a value in 'true_classes' larger than 'range_max', a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

https://nvd.nist.gov/vuln/detail/CVE-2022-41880

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube