Lucene search

GitHub Advisory DatabaseGHSA-77GP-3H4R-6428

HistoryFeb 09, 2022 - 11:25 p.m.

Out of bounds read and write in Tensorflow

2022-02-0923:25:40

CWE-125

CWE-787

GitHub Advisory Database

github.com

tensorflow

out of bounds

write

read

security issue

patch

github commit

security guide

mutable proto value

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.9%

JSON

Impact

There is a typo in TensorFlow’s SpecializeType which results in heap OOB read/write:

for (int i = 0; i &lt; op_def.output_arg_size(); i++) {
  // ...
  for (int j = 0; j &lt; t-&gt;args_size(); j++) {
    auto* arg = t-&gt;mutable_args(i);
    // ...
  }
}

Due to a typo, arg is initialized to the ith mutable argument in a loop where the loop index is j. Hence it is possible to assign to arg from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data.

Patches

We have patched the issue in GitHub commit 0657c83d08845cc434175934c642299de2c0f042.

The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Affected configurations

Vulners

Node

tensorflow-gpuMatch2.7.0

tensorflow-gpuRange2.6.0–2.6.3

tensorflow-gpuRange<2.5.3

tensorflow-cpuMatch2.7.0

tensorflow-cpuRange2.6.0–2.6.3

tensorflow-cpuRange<2.5.3

tensorflowtensorflowMatch2.7.0

tensorflowtensorflowRange2.6.0–2.6.3

tensorflowtensorflowRange<2.5.3

VendorProductVersionCPE
*tensorflow-gpu2.7.0cpe:2.3:a:*:tensorflow-gpu:2.7.0:*:*:*:*:*:*:*
*tensorflow-gpu*cpe:2.3:a:*:tensorflow-gpu:*:*:*:*:*:*:*:*
*tensorflow-cpu2.7.0cpe:2.3:a:*:tensorflow-cpu:2.7.0:*:*:*:*:*:*:*
*tensorflow-cpu*cpe:2.3:a:*:tensorflow-cpu:*:*:*:*:*:*:*:*
tensorflowtensorflow2.7.0cpe:2.3:a:tensorflow:tensorflow:2.7.0:*:*:*:*:*:*:*
tensorflowtensorflow*cpe:2.3:a:tensorflow:tensorflow:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	tensorflow-gpu	2.7.0	cpe:2.3:a::tensorflow-gpu:2.7.0:::::::
*	tensorflow-gpu	*	cpe:2.3:a::tensorflow-gpu::::::::*
*	tensorflow-cpu	2.7.0	cpe:2.3:a::tensorflow-cpu:2.7.0:::::::
*	tensorflow-cpu	*	cpe:2.3:a::tensorflow-cpu::::::::*
tensorflow	tensorflow	2.7.0	cpe:2.3:a:tensorflow:tensorflow:2.7.0:::::::*
tensorflow	tensorflow	*	cpe:2.3:a:tensorflow:tensorflow::::::::

References

github.com/advisories/GHSA-77gp-3h4r-6428

github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.cc#L81-L102

github.com/tensorflow/tensorflow/commit/0657c83d08845cc434175934c642299de2c0f042

github.com/tensorflow/tensorflow/security/advisories/GHSA-77gp-3h4r-6428

nvd.nist.gov/vuln/detail/CVE-2022-23574

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.9%

JSON

Related for GHSA-77GP-3H4R-6428