CVE-2022-23559: Integer overflow in TFLite
An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations:
```cpp
// Excerpt from the vulnerable kernel (k is the output_shape index, initialized earlier).
int embedding_size = 1;
int lookup_size = 1;
for (int i = 0; i < lookup_rank - 1; i++, k++) {
  const int dim = dense_shape->data.i32[i];  // attacker-controlled dimension
  lookup_size *= dim;                        // unchecked signed multiply
  output_shape->data[k] = dim;
}
for (int i = 1; i < embedding_rank; i++, k++) {
  const int dim = SizeOfDimension(value, i); // attacker-controlled dimension
  embedding_size *= dim;                     // unchecked signed multiply
  output_shape->data[k] = dim;
}
```
Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication.
In certain scenarios, this can then result in heap OOB read/write.
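The overflow described above, shown as an added example (not TensorFlow's code): the unchecked product beside a hardened form that rejects negative dimensions and any product that does not fit in an `int`. The shapes are constructed; each dimension is legal on its own, only the product overflows.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Emulates the vulnerable pattern: user-controlled dims multiplied into a
 * plain int. Unsigned arithmetic is used so the wrap-around is well-defined
 * here; the kernel's signed multiply is undefined behaviour but wraps the
 * same way on common compilers. */
static int unchecked_product(const int *dims, int n) {
    unsigned int size = 1;
    for (int i = 0; i < n; i++) {
        size *= (unsigned int)dims[i];
    }
    return (int)size;
}

/* Hardened form: reject negative dims and any product exceeding INT_MAX.
 * Returns true and stores the product in *out on success. */
static bool checked_product(const int *dims, int n, int *out) {
    int64_t size = 1;
    for (int i = 0; i < n; i++) {
        if (dims[i] < 0) return false;
        size *= dims[i];              /* both factors <= INT_MAX, fits int64 */
        if (size > INT_MAX) return false;
    }
    *out = (int)size;
    return true;
}

/* Constructed shapes standing in for dense_shape (lookup) and the value
 * tensor (embedding) of a malicious model. */
static const int kLookupDims[]    = {65536, 65536};  /* 2^32 wraps to 0 */
static const int kEmbeddingDims[] = {65536, 32768};  /* 2^31 wraps negative */

int main(void) {
    int lookup_size = 0, embedding_size = 0;
    printf("unchecked lookup_size:    %d\n", unchecked_product(kLookupDims, 2));
    printf("unchecked embedding_size: %d\n", unchecked_product(kEmbeddingDims, 2));
    printf("checked lookup_size ok:    %d\n", checked_product(kLookupDims, 2, &lookup_size));
    printf("checked embedding_size ok: %d\n", checked_product(kEmbeddingDims, 2, &embedding_size));
    return 0;
}
```

A wrapped size of 0 or a negative value is what later turns into an undersized buffer and the heap out-of-bounds access the advisory mentions; the checked variant fails the shape validation instead.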
References
- github.com/advisories/GHSA-98p5-x8x4-c9m5
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-68.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-123.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc
- github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043
- github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4
- github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01
- github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5
- nvd.nist.gov/vuln/detail/CVE-2022-23559