CVE-2022-23589: Null pointer dereference in Grappler's `IsConstant`
(updated )
Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file (fixing the first one would trigger the same dereference in the second place):
References
- github.com/advisories/GHSA-9px9-73fg-3fqp
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-98.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-153.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc
- github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc
- github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf
- github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1
- github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp
- nvd.nist.gov/vuln/detail/CVE-2022-23589
Detect and mitigate CVE-2022-23589 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →