CVE-2022-23568: Integer overflows in Tensorflow
(updated )
The implementation of AddManySparseToTensorsMap
is vulnerable to an integer overflow which results in a CHECK
-fail when building new TensorShape
objects (so, an assert failure based denial of service):
import tensorflow as tf
import numpy as np
tf.raw_ops.AddManySparseToTensorsMap(
sparse_indices=[(0,0),(0,1),(0,2),(4,3),(5,0),(5,1)],
sparse_values=[1,1,1,1,1,1],
sparse_shape=[2**32,2**32],
container='',
shared_name='',
name=None)
We are missing some validation on the shapes of the input tensors as well as directly constructing a large TensorShape
with user-provided dimensions. The latter is an instance of TFSA-2021-198 (CVE-2021-41197) and is easily fixed by replacing a call to TensorShape
constructor with a call to BuildTensorShape
static helper factory.
References
- github.com/advisories/GHSA-6445-fm66-fvq2
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-77.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-132.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_tensors_map_ops.cc
- github.com/tensorflow/tensorflow/commit/a68f68061e263a88321c104a6c911fe5598050a8
- github.com/tensorflow/tensorflow/commit/b51b82fe65ebace4475e3c54eb089c18a4403f1c
- github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2
- nvd.nist.gov/vuln/detail/CVE-2022-23568
Detect and mitigate CVE-2022-23568 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →