CVE-2022-23567: Integer overflows in Tensorflow
(updated )
The implementations of Sparse*Cwise* ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or CHECK-fails when building new TensorShape objects (so, assert failures based denial of service):
import tensorflow as tf
import numpy as np
tf.raw_ops.SparseDenseCwiseDiv(
sp_indices=np.array([[9]]),
sp_values=np.array([5]),
sp_shape=np.array([92233720368., 92233720368]),
dense=np.array([4]))
We are missing some validation on the shapes of the input tensors as well as directly constructing a large TensorShape with user-provided dimensions. The latter is an instance of TFSA-2021-198 (CVE-2021-41197) and is easily fixed by replacing a call to TensorShape constructor with a call to BuildTensorShape static helper factory.
References
- github.com/advisories/GHSA-rrx2-r989-2c43
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-76.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-131.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc
- github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md
- github.com/tensorflow/tensorflow/commit/1b54cadd19391b60b6fcccd8d076426f7221d5e8
- github.com/tensorflow/tensorflow/commit/e952a89b7026b98fe8cbe626514a93ed68b7c510
- github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43
- nvd.nist.gov/vuln/detail/CVE-2022-23567
Detect and mitigate CVE-2022-23567 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →