CVSS2: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002 Low
Percentile: 64.9%

An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations:
```cc
int embedding_size = 1;
int lookup_size = 1;
for (int i = 0; i < lookup_rank - 1; i++, k++) {
  const int dim = dense_shape->data.i32[i];
  lookup_size *= dim;
  output_shape->data[k] = dim;
}
for (int i = 1; i < embedding_rank; i++, k++) {
  const int dim = SizeOfDimension(value, i);
  embedding_size *= dim;
  output_shape->data[k] = dim;
}
```
Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication.
In certain scenarios, this can then result in heap OOB read/write.
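
One way to guard a shape product like the two above, as an added example that is not code from TensorFlow or from the patches referenced on this page. The helper names `wrapped_product` and `checked_shape_product` are hypothetical and the sample shapes are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* What a 32-bit multiply chain yields once it wraps. Computed in unsigned
 * arithmetic because signed overflow is undefined behaviour in C. */
static uint32_t wrapped_product(const int32_t *dims, int n) {
  uint32_t acc = 1;
  for (int i = 0; i < n; i++) acc *= (uint32_t)dims[i];
  return acc;
}

/* Hypothetical helper: stores the product of the dimensions in *out and
 * returns 0, or returns -1 (leaving *out untouched) if a dimension is
 * negative or the product would exceed INT_MAX. */
static int checked_shape_product(const int32_t *dims, int n, int *out) {
  int acc = 1;
  for (int i = 0; i < n; i++) {
    const int32_t dim = dims[i];
    if (dim < 0) return -1;                         /* invalid shape */
    if (dim != 0 && acc > INT_MAX / dim) return -1; /* would overflow */
    acc *= dim;
  }
  *out = acc;
  return 0;
}

int main(void) {
  const int32_t ok[] = {2, 3, 4};        /* constructed sample shape */
  const int32_t bad[] = {65536, 65536};  /* constructed: true product is 2^32 */
  int size = 0;

  if (checked_shape_product(ok, 3, &size) == 0)
    printf("ok shape: size=%d\n", size);

  /* The wrapped 32-bit product is far smaller than the real element count,
   * so any buffer sized from it would not match the declared shape. */
  printf("bad shape wraps to %u\n", (unsigned)wrapped_product(bad, 2));
  if (checked_shape_product(bad, 2, &size) != 0)
    printf("bad shape rejected before any size is used\n");
  return 0;
}
```

The check runs before each multiplication, so the accumulator never holds an overflowed value and a rejected model never reaches the point where a size is used.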
We have patched the issue in GitHub commits f19be71717c497723ba0cea0379e84f061a75e01, 1de49725a5fc4e48f1a3b902ec3599ee99283043 and a4e401da71458d253b05e41f28637b65baf64be4.
The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
This vulnerability has been reported by Wang Xuan of Qihoo 360 AIVul Team.
CPE

Name | Operator | Version
---|---|---
tensorflow-gpu | eq | 2.7.0
tensorflow-gpu | lt | 2.6.3
tensorflow-gpu | lt | 2.5.3
tensorflow-cpu | eq | 2.7.0
tensorflow-cpu | lt | 2.6.3
tensorflow-cpu | lt | 2.5.3
tensorflow | eq | 2.7.0
tensorflow | lt | 2.6.3
tensorflow | lt | 2.5.3

github.com/advisories/GHSA-98p5-x8x4-c9m5
github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189
github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043
github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4
github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01
github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5
nvd.nist.gov/vuln/detail/CVE-2022-23559