Lucene search

K
githubGitHub Advisory DatabaseGHSA-5WPJ-C6F7-24X8
HistoryMay 24, 2022 - 10:13 p.m.

Undefined behavior when users supply invalid resource handles

2022-05-2422:13:59
CWE-20
CWE-475
GitHub Advisory Database
github.com
18

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

32.5%

Impact

Multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid:

import tensorflow as tf

tf.raw_ops.QueueIsClosedV2(handle=[])
import tensorflow as tf

tf.summary.flush(writer=())

In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior.

Patches

We have patched the issue in GitHub commit a5b89cd68c02329d793356bda85d079e9e69b4e7 and GitHub commit dbdd98c37bc25249e8f288bd30d01e118a7b4498.

The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Hong Jin from Singapore Management University.

Affected configurations

Vulners
Node
tensorflowgpuRange<2.8.1
OR
tensorflowgpuRange<2.7.2
OR
tensorflowgpuRange<2.6.4
OR
tensorflowcpuRange<2.8.1
OR
tensorflowcpuRange<2.7.2
OR
tensorflowcpuRange<2.6.4
OR
github_advisory_databasetensorflowRange<2.8.1
OR
github_advisory_databasetensorflowRange<2.7.2
OR
github_advisory_databasetensorflowRange<2.6.4

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

32.5%