{"id":"CVE-2022-21725","summary":"Division by zero in TensorFlow","details":"TensorFlow is an open source machine learning framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid. The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit onto TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in the supported range.","aliases":["BIT-tensorflow-2022-21725","GHSA-v3f7-j968-4h5f","PYSEC-2022-104","PYSEC-2022-49"],"modified":"2026-04-11T18:44:57.135846Z","published":"2022-02-03T12:21:02Z","related":["openSUSE-SU-2024:12116-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21725.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/blob/ffa202a17ab7a4a10182b746d230ea66f021fe16/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L189-L198"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21725.json"},{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21725"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"last_affected":"957590ea15cc03ee2e00fc61934647d54836676f"},{"introduced":"919f693420e35d00c8d0a42100837ae3718f7927"},{"last_affected":"c2363d6d025981c661f8cbecf4c73ca7fbf38caf"},{"introduced":"0"},{"last_affected":"c256c071bb26e1e13b4666d1b3e229e110bc914a"},{"fixed":"3218043d6d3a019756607643cf65574fbfef5d7a"}],"database_s
pecific":{"versions":[{"introduced":"0"},{"last_affected":"2.5.2"},{"introduced":"2.6.0"},{"last_affected":"2.6.2"},{"introduced":"0"},{"last_affected":"2.7.0"}]}}],"versions":["0.5.0","0.6.0","v1.1.0-rc1","v1.1.0-rc2","v1.12.1","v1.6.0-rc1","v1.9.0-rc2","v2.5.0","v2.5.0-rc0","v2.5.0-rc1","v2.5.0-rc2","v2.5.0-rc3","v2.5.1","v2.5.2","v2.6.0","v2.6.1","v2.6.2","v2.7.0","v2.7.0-rc0","v2.7.0-rc1"],"database_specific":{"vanir_signatures":[{"digest":{"line_hashes":["29833062081792161666005548017870540707","173936579719720292403623256344268395905","29160783919781677157968160320488505638","46641724053112140644611597132945207883","261270657023905031731651365465194925928","105486346789585895539336437586888072762","289327973071283131489257969913949164450","76516525785390465010313759252182543601","284127014168270331662102107889152591197","178395313312912296623329868574203817479","287135384709820192118351208362599442661","317441998762747727523661160254998205124","41170625725517448520778338199456765981","198827970660448144038181471784394097209","104926503999769377536160945162331114012","37634970173969770557892736494643445151","210882890693252372670126435166051300183","305877696380064233814483710788752099459","284127014168270331662102107889152591197","178395313312912296623329868574203817479","76960101022723909949595145506632015511","221687124531385363322685673456230569300","217354339717986963618002739411304571180","144204172908090216876006948281603249115","252348079102387377181133407069772359977","337260350130759872171546754530353032013","40083840401807088813406546839261308202","171588677440116069165806940283230154073","309714159776918146402144475873568820613","178395313312912296623329868574203817479","146009143620014892714354756175184375397","105155588636108355300634373854351623741","83209365193850483367099275848526192971","309714159776918146402144475873568820613","261537981841210438032137704090620271120","35924052532745877776035581383402468909","313733131701288456125085628937097
868766","95575575759014163078259649189584545979"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a","target":{"file":"tensorflow/core/grappler/costs/op_level_cost_estimator.cc"},"signature_type":"Line","id":"CVE-2022-21725-0203f8c3","deprecated":false},{"digest":{"line_hashes":["170921164422964488441798060621330450275","145087031434086507939685739161668472403","98464348392772009462966547162584737076","307029448815549509720744458272872301202","191204749889529602958131077545402679268","43669945047802472791772651896176668023","222728328781793330892851667201763481581","105632016627331921405653063340771650504","220573370481956621355143353405400854134","101574743412873227531523169465394456563","162037738811328696453812074915264864362","94138663486816938200824806803787331483","21651903506955478926663283409209610081","18641428060585684971749251688927803447","309533070058805447338857445006417086587","84312093704981084948134231666715176423"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a","target":{"file":"tensorflow/core/grappler/costs/op_level_cost_estimator_test.cc"},"signature_type":"Line","id":"CVE-2022-21725-11c3562b","deprecated":false},{"digest":{"function_hash":"54919895359600835365622889974832359897","length":1228},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a","target":{"function":"OpLevelCostEstimator::PredictMaxPoolGrad","file":"tensorflow/core/grappler/costs/op_level_cost_estimator.cc"},"signature_type":"Function","id":"CVE-2022-21725-1fc1cb68","deprecated":false},{"digest":{"function_hash":"151710292831597662859289626391140167822","length":862},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a","target":{"function":"OpLevelCostEs
timator::PredictAvgPool","file":"tensorflow/core/grappler/costs/op_level_cost_estimator.cc"},"signature_type":"Function","id":"CVE-2022-21725-31c1862e","deprecated":false},{"digest":{"line_hashes":["125260892401503456755454313376142544305","39520042007943423542711692751575181984","335449050479408137004993200710478089835","287587699119703991754319260955399474387"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a","target":{"file":"tensorflow/core/grappler/costs/op_level_cost_estimator.h"},"signature_type":"Line","id":"CVE-2022-21725-450ea0f9","deprecated":false},{"digest":{"function_hash":"35166802586136732026005820364185328363","length":1194},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a","target":{"function":"OpLevelCostEstimator::PredictFusedBatchNorm","file":"tensorflow/core/grappler/costs/op_level_cost_estimator.cc"},"signature_type":"Function","id":"CVE-2022-21725-589e0555","deprecated":false},{"digest":{"function_hash":"21973334131829332070769834111565466465","length":934},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a","target":{"function":"OpLevelCostEstimator::PredictFusedBatchNormGrad","file":"tensorflow/core/grappler/costs/op_level_cost_estimator.cc"},"signature_type":"Function","id":"CVE-2022-21725-5c3da66e","deprecated":false},{"digest":{"function_hash":"79878792015345273602995296816439114011","length":1138},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a","target":{"function":"OpLevelCostEstimator::OpDimensionsFromInputs","file":"tensorflow/core/grappler/costs/op_level_cost_estimator.cc"},"signature_type":"Function","id":"CVE-2022-21725-6f99050f","deprecated":false},{"digest":{"function_hash":"74450886094222473559020773226200763292","l
ength":1017},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a","target":{"function":"OpLevelCostEstimator::PredictAvgPoolGrad","file":"tensorflow/core/grappler/costs/op_level_cost_estimator.cc"},"signature_type":"Function","id":"CVE-2022-21725-8c30f61b","deprecated":false},{"digest":{"function_hash":"45069419865403132480880467420472822772","length":919},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a","target":{"function":"OpLevelCostEstimator::PredictMaxPool","file":"tensorflow/core/grappler/costs/op_level_cost_estimator.cc"},"signature_type":"Function","id":"CVE-2022-21725-951b24cd","deprecated":false},{"digest":{"function_hash":"14898863193808163729554561967569096668","length":1518},"signature_version":"v1","source":"https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a","target":{"function":"ValidateOpDimensionsFromInputs","file":"tensorflow/core/grappler/costs/op_level_cost_estimator_test.cc"},"signature_type":"Function","id":"CVE-2022-21725-e3406382","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21725.json","vanir_signatures_modified":"2026-04-11T18:44:57Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}