CVE-2022-23572 Crash when type cannot be specialized in Tensorflow

2022-02-0422:32:29

CWE-754

GitHub_M

www.cve.org

tensorflow

shape inference

crash

cve-2022-23572

datatypespecialization

dcheck

assertion failure

fix

tensorflow 2.8.0

cherrypick

commit

supported range

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

50.2%

JSON

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the ValueOrDie line. This results in an assertion failure as ret contains an error Status, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.

CNA Affected

[
  {
    "product": "tensorflow",
    "vendor": "tensorflow",
    "versions": [
      {
        "status": "affected",
        "version": ">= 2.7.0, < 2.7.1"
      },
      {
        "status": "affected",
        "version": ">= 2.6.0, < 2.6.3"
      },
      {
        "status": "affected",
        "version": "< 2.5.3"
      }
    ]
  }
]