SB2024042319 - Multiple vulnerabilities in IBM Watson Discovery Cartridge for IBM Cloud Pak for Data
Published: April 23, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 24 vulnerabilities.
1) Type conversion (CVE-ID: CVE-2022-41911)
CWE-ID: CWE-704 - Type conversion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to invalid char to bool conversion when printing a tensor. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
2) Buffer overflow (CVE-ID: CVE-2022-41910)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in QuantizeAndDequantizeV2. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.
3) NULL pointer dereference (CVE-ID: CVE-2022-41889)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught, if list of quantized tensors is assigned to an attribute. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
4) Out-of-bounds read (CVE-ID: CVE-2022-41895)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to TensorFlow will give a heap OOB error if `MirrorPadGrad` is given outsize input `paddings`. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
5) Input validation error (CVE-ID: CVE-2022-41888)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked when running on GPU. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
6) Out-of-bounds read (CVE-ID: CVE-2022-41880)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
7) Out-of-bounds read (CVE-ID: CVE-2022-41897)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to TensorFlow will crash if `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`. A remote attacker can create a specially crafted file, trigger an out-of-bounds read error and read contents of memory on the system.
8) Reachable Assertion (CVE-ID: CVE-2022-41893)
CWE-ID: CWE-617 - Reachable Assertion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the `tf.raw_ops.TensorListResize` results `CHECK` fail when given a nonscalar value for input `size`. A remote attacker can trigger the vulnerability to perform a denial of service (DoS) attack.
9) Input validation error (CVE-ID: CVE-2022-41909)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CompositeTensorVariantToComponents. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
10) Reachable Assertion (CVE-ID: CVE-2022-41899)
CWE-ID: CWE-617 - Reachable Assertion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. A remote attacker can trigger the vulnerability to perform a denial of service (DoS) attack.
11) Input validation error (CVE-ID: CVE-2022-41901)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in SparseMatrixNNZ. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
12) Input validation error (CVE-ID: CVE-2022-41896)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to TensorFlow will crash if `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
13) Buffer overflow (CVE-ID: CVE-2022-41894)
CWE-ID: CWE-120 - Buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. A remote unauthenticated attacker can craft a model with a specific number of input channels to write specific values through the bias of the layer outside the bounds of the buffer
14) Buffer overflow (CVE-ID: CVE-2022-41907)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in ResizeNearestNeighborGrad. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.
15) Resource exhaustion (CVE-ID: CVE-2022-41898)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to TensorFlow will crash if `SparseFillEmptyRowsGrad` is given empty inputs. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
16) Type conversion (CVE-ID: CVE-2022-41890)
CWE-ID: CWE-704 - Type conversion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to `BCast::ToShape` will crash if given input larger than an `int32`, despite being supposed to handle up to an `int64`. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
17) Buffer overflow (CVE-ID: CVE-2022-41900)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the FractionalMaxPool and FractionalAvgPool. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Always-Incorrect Control Flow Implementation (CVE-ID: CVE-2022-41884)
CWE-ID: CWE-670 - Always-Incorrect Control Flow Implementation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to error will be raised if a numpy array is created with a shape such that one element is zero and the others sum to a large number. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
19) Input validation error (CVE-ID: CVE-2022-41908)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in PyFunc. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
20) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2022-41887)
CWE-ID: CWE-131 - Incorrect Calculation of Buffer Size
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
21) Resource exhaustion (CVE-ID: CVE-2022-41891)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to `tf.raw_ops.TensorListConcat` results in segmentation fault if given `element_shape=[]`. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
22) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2022-41886)
CWE-ID: CWE-131 - Incorrect Calculation of Buffer Size
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to `tf.raw_ops.ImageProjectiveTransformV2` overflows when given a large output shape. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
23) Out-of-bounds write (CVE-ID: CVE-2022-41902)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in grappler. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
24) Out-of-bounds read (CVE-ID: CVE-2022-41883)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to executor will crash when ops that have specified input sizes receive a differing number of inputs. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
Remediation
Install update from vendor's website.