SB2024042319 - Multiple vulnerabilities in IBM Watson Discovery Cartridge for IBM Cloud Pak for Data

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024042319

SB2024042319 - Multiple vulnerabilities in IBM Watson Discovery Cartridge for IBM Cloud Pak for Data

Published: April 23, 2024

Security Bulletin ID SB2024042319
Severity
High
Patch available
YES
Number of vulnerabilities 24
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 17% Medium 83%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 24 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2022-41894)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. A remote unauthenticated attacker can craft a model with a specific number of input channels to write specific values through the bias of the layer outside the bounds of the buffer


2) Out-of-bounds read (CVE-ID: CVE-2022-41883)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to executor will crash when ops that have specified input sizes receive a differing number of inputs. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


3) Out-of-bounds write (CVE-ID: CVE-2022-41902)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in grappler. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.


4) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2022-41886)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to `tf.raw_ops.ImageProjectiveTransformV2` overflows when given a large output shape. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


5) Resource exhaustion (CVE-ID: CVE-2022-41891)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to `tf.raw_ops.TensorListConcat` results in segmentation fault if given `element_shape=[]`. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


6) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2022-41887)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


7) Input validation error (CVE-ID: CVE-2022-41908)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in PyFunc. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


8) Always-Incorrect Control Flow Implementation (CVE-ID: CVE-2022-41884)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to error will be raised if a numpy array is created with a shape such that one element is zero and the others sum to a large number. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


9) Buffer overflow (CVE-ID: CVE-2022-41900)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the FractionalMaxPool and FractionalAvgPool. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


10) Type conversion (CVE-ID: CVE-2022-41890)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to `BCast::ToShape` will crash if given input larger than an `int32`, despite being supposed to handle up to an `int64`. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


11) Resource exhaustion (CVE-ID: CVE-2022-41898)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to TensorFlow will crash if `SparseFillEmptyRowsGrad` is given empty inputs. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


12) Buffer overflow (CVE-ID: CVE-2022-41907)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in ResizeNearestNeighborGrad. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.


13) Type conversion (CVE-ID: CVE-2022-41911)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to invalid char to bool conversion when printing a tensor. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


14) Input validation error (CVE-ID: CVE-2022-41896)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to TensorFlow will crash if `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


15) Input validation error (CVE-ID: CVE-2022-41901)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in SparseMatrixNNZ. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


16) Reachable Assertion (CVE-ID: CVE-2022-41899)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. A remote attacker can trigger the vulnerability to perform a denial of service (DoS) attack.


17) Input validation error (CVE-ID: CVE-2022-41909)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in CompositeTensorVariantToComponents. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


18) Reachable Assertion (CVE-ID: CVE-2022-41893)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the `tf.raw_ops.TensorListResize` results `CHECK` fail when given a nonscalar value for input `size`. A remote attacker can trigger the vulnerability to perform a denial of service (DoS) attack.


19) Out-of-bounds read (CVE-ID: CVE-2022-41897)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to TensorFlow will crash if `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`. A remote attacker can create a specially crafted file, trigger an out-of-bounds read error and read contents of memory on the system.


20) Out-of-bounds read (CVE-ID: CVE-2022-41880)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


21) Input validation error (CVE-ID: CVE-2022-41888)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked when running on GPU. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


22) Out-of-bounds read (CVE-ID: CVE-2022-41895)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to TensorFlow will give a heap OOB error if `MirrorPadGrad` is given outsize input `paddings`. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


23) NULL pointer dereference (CVE-ID: CVE-2022-41889)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught, if list of quantized tensors is assigned to an attribute. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


24) Buffer overflow (CVE-ID: CVE-2022-41910)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in QuantizeAndDequantizeV2. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.


Remediation

Install update from vendor's website.

References