CVE-2022-23575: Integer overflow in Tensorflow
The implementation of OpLevelCostEstimator::CalculateTensorSize is vulnerable to an integer overflow if an attacker can create an operation that involves a tensor with a large enough number of elements:
```cpp
int64_t OpLevelCostEstimator::CalculateTensorSize(
    const OpInfo::TensorProperties& tensor, bool* found_unknown_shapes) {
  int64_t count = CalculateTensorElementCount(tensor, found_unknown_shapes);
  int size = DataTypeSize(BaseType(tensor.dtype()));
  VLOG(2) << "Count: " << count << " DataTypeSize: " << size;
  // Unchecked multiplication: the product is never validated against INT64_MAX.
  return count * size;
}
```
Here, count (an int64_t) and size (an int, promoted to int64_t for the multiplication) can be large enough that count * size overflows the 64-bit result.
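The following is an added illustration, not code from TensorFlow or from the advisory: a simplified, checked version of the same element-count and byte-size computation that reports overflow with a -1 sentinel instead of producing a wrapped value. The shapes and dtype sizes are constructed inputs, and MulNoOverflow is a hypothetical helper written for this example.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>
#include <vector>

// Multiply two non-negative int64_t values, reporting overflow instead of
// relying on wraparound (signed overflow is undefined behaviour in C++).
bool MulNoOverflow(int64_t a, int64_t b, int64_t* out) {
  if (a < 0 || b < 0) return false;
  if (a != 0 && b > std::numeric_limits<int64_t>::max() / a) return false;
  *out = a * b;
  return true;
}

// Element count of a shape, or -1 if the product of the dimensions
// (or any single dimension) is not representable as a non-negative int64_t.
int64_t CheckedElementCount(const std::vector<int64_t>& dims) {
  int64_t count = 1;
  for (int64_t d : dims) {
    if (!MulNoOverflow(count, d, &count)) return -1;
  }
  return count;
}

// Tensor size in bytes, or -1 when count * dtype_size would overflow.
// This is the check the vulnerable CalculateTensorSize above lacks.
int64_t CheckedTensorSize(const std::vector<int64_t>& dims, int dtype_size) {
  int64_t count = CheckedElementCount(dims);
  if (count < 0) return -1;
  int64_t bytes = 0;
  if (!MulNoOverflow(count, static_cast<int64_t>(dtype_size), &bytes)) {
    return -1;
  }
  return bytes;
}

int main() {
  // Constructed shapes: a small float32 tensor, and one with 2^62 elements
  // whose byte size (2^64) does not fit in int64_t.
  std::cout << CheckedTensorSize({2, 3, 4}, 4) << "\n";                           // 96
  std::cout << CheckedTensorSize({INT64_C(1) << 31, INT64_C(1) << 31}, 4) << "\n";  // -1
  return 0;
}
```

A caller that treats a negative return as an error (rather than a size) cannot be driven into under-allocation or bogus cost estimates by an oversized shape.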
References
- github.com/advisories/GHSA-c94w-c95p-phf8
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-84.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-139.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/op_level_cost_estimator.cc
- github.com/tensorflow/tensorflow/commit/fcd18ce3101f245b083b30655c27b239dc72221e
- github.com/tensorflow/tensorflow/security/advisories/GHSA-c94w-c95p-phf8
- nvd.nist.gov/vuln/detail/CVE-2022-23575