CVE-2022-23593: Segfault in `simplifyBroadcast` in Tensorflow
(updated )
The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes.
size_t maxRank = 0;
for (auto shape : llvm::enumerate(shapes)) {
auto found_shape = analysis.dimensionsForShapeTensor(shape.value());
if (!found_shape) return {};
shapes_found.push_back(*found_shape);
maxRank = std::max(maxRank, found_shape->size());
}
SmallVector<const ShapeComponentAnalysis::SymbolicDimension*>
joined_dimensions(maxRank);
If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector.
References
- github.com/advisories/GHSA-gwcx-jrx4-92w2
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-102.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-157.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/mlir/tfrt/jit/transforms/tf_cpurt_symbolic_shape_optimization.cc
- github.com/tensorflow/tensorflow/commit/35f0fabb4c178253a964d7aabdbb15c6a398b69a
- github.com/tensorflow/tensorflow/security/advisories/GHSA-gwcx-jrx4-92w2
- nvd.nist.gov/vuln/detail/CVE-2022-23593
Code Behaviors & Features
Detect and mitigate CVE-2022-23593 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →