CVE-2022-23581: `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow

February 7, 2022 (updated November 7, 2024)

The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures.

References

github.com/advisories/GHSA-fq86-3f29-px2c
github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-90.yaml
github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-145.yaml
github.com/tensorflow/tensorflow
github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc
github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082
github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6
github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1
github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c
nvd.nist.gov/vuln/detail/CVE-2022-23581

Detect and mitigate CVE-2022-23581 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →