How severe is CVE-2022-41902?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2022-41902?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2022-41902 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.

Related Vulnerabilities

CVE-2017-2615

CRITICAL

CVSS:9.1(Critical)

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A pri...

CWE-7872017

CVE-2019-5541

CRITICAL

CVSS:9.1(Critical)

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may le...

CWE-7872019

CVE-2020-0283

CRITICAL

CVSS:9.1(Critical)

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008257

CWE-7872020

CVE-2020-0367

CRITICAL

CVSS:9.1(Critical)

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980455

CWE-7872020

CVE-2020-17528

CRITICAL

CVSS:9.1(Critical)

Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer o...

CWE-7872020

CVE-2020-9142

CRITICAL

CVSS:9.1(Critical)

There is a heap base buffer overflow vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability can cause heap overflow and memory overwriting when the system incorrectly pr...

CWE-7872020