CVE-2022-29212: 
Python vulnerability analysis and mitigation

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The vulnerability exists because during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. This caused a TFLITECHECKLT assertion to trigger and abort the process when calling QuantizeMultiplierSmallerThanOneExp (GitHub Advisory, NVD).

The vulnerability occurs in the quantization process when the scale value is greater than 1. The code was incorrectly calling QuantizeMultiplierSmallerThanOneExp function which has an assertion check that expects the multiplier to be less than 1. When this assertion fails due to a scale value greater than 1, it causes the process to abort and crash (GitHub Advisory).

When exploited, this vulnerability causes the TFLite interpreter to crash when loading affected models, resulting in a denial of service condition. This affects applications using TFLite models with quantization (GitHub Advisory).

The issue has been patched in TensorFlow versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4. Users are recommended to upgrade to these patched versions. The fix involves properly handling cases where the quantization scale is greater than 1 (GitHub Advisory, TF Release).