CVE-2022-23566: Out-of-bounds write in TensorFlow
TensorFlow is vulnerable to a heap OOB write in Grappler:

```cpp
Status SetUnknownShape(const NodeDef* node, int output_port) {
  shape_inference::ShapeHandle shape =
      GetUnknownOutputShape(node, output_port);
  InferenceContext* ctx = GetContext(node);
  if (ctx == nullptr) {
    return errors::InvalidArgument("Missing context");
  }
  // output_port is not range-checked here before it is used as an index.
  ctx->set_output(output_port, shape);
  return Status::OK();
}
```
The `set_output` function writes to an array at the specified index:

```cpp
void set_output(int idx, ShapeHandle shape) { outputs_.at(idx) = shape; }
```
Hence, this gives a malicious user a write primitive.
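The missing check, shown as an added example that is not TensorFlow's code or the upstream patch: a hardened variant of the function above that rejects an out-of-range `output_port` before indexing. `ShapeHandle`, `Status` and `InferenceContext` are simplified stand-ins, and `SetUnknownShapeChecked` and `num_outputs()` as used here are assumptions for illustration.

```cpp
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Simplified stand-ins for the TensorFlow types (assumptions, not the real classes).
struct ShapeHandle { int id; };
struct Status {
  bool ok;
  std::string message;
  static Status OK() { return {true, ""}; }
  static Status InvalidArgument(std::string m) { return {false, std::move(m)}; }
};

class InferenceContext {
 public:
  explicit InferenceContext(int num_outputs) : outputs_(num_outputs) {}
  int num_outputs() const { return static_cast<int>(outputs_.size()); }
  void set_output(int idx, ShapeHandle shape) { outputs_.at(idx) = shape; }
  ShapeHandle output(int idx) const { return outputs_.at(idx); }
 private:
  std::vector<ShapeHandle> outputs_;
};

// Hypothetical hardened variant: validate the context and the caller-supplied
// port against the number of outputs before the indexed write happens.
Status SetUnknownShapeChecked(InferenceContext* ctx, int output_port) {
  if (ctx == nullptr) return Status::InvalidArgument("Missing context");
  if (output_port < 0 || output_port >= ctx->num_outputs()) {
    return Status::InvalidArgument(
        "Output port " + std::to_string(output_port) + " out of range [0, " +
        std::to_string(ctx->num_outputs()) + ")");
  }
  ctx->set_output(output_port, ShapeHandle{-1});  // -1 marks "unknown" in this sketch
  return Status::OK();
}

int main() {
  InferenceContext ctx(3);  // constructed sample: a node with three outputs
  const int ports[] = {0, 2, 3, -1, 1 << 30};
  for (int port : ports) {
    Status s = SetUnknownShapeChecked(&ctx, port);
    std::printf("port %d -> %s\n", port, s.ok ? "OK" : s.message.c_str());
  }
  return 0;
}
```

Returning an error status keeps the failure on the same path the function already uses for a missing context, so callers handle both cases the same way.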
References
- github.com/advisories/GHSA-5qw5-89mw-wcg2
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-75.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-130.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.h
- github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/graph_properties.cc
- github.com/tensorflow/tensorflow/commit/97282c6d0d34476b6ba033f961590b783fa184cd
- github.com/tensorflow/tensorflow/security/advisories/GHSA-5qw5-89mw-wcg2
- nvd.nist.gov/vuln/detail/CVE-2022-23566