CVE-2022-23582: `CHECK`-failures in `TensorByteSize` in Tensorflow
(updated )
A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures.
int64_t TensorByteSize(const TensorProto& t) {
// num_elements returns -1 if shape is not fully defined.
int64_t num_elems = TensorShape(t.tensor_shape()).num_elements();
return num_elems < 0 ? -1 : num_elems * DataTypeSize(t.dtype());
}
TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow the size of an int. The PartialTensorShape constructor instead does not cause a CHECK-abort if the shape is partial, which is exactly what this function needs to be able to return -1.
References
- github.com/advisories/GHSA-4j82-5ccr-4r8v
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-91.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-146.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/attr_value_util.cc
- github.com/tensorflow/tensorflow/commit/c2426bba00a01de6913738df8fa78e0215fcce02
- github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v
- nvd.nist.gov/vuln/detail/CVE-2022-23582
Detect and mitigate CVE-2022-23582 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →