Lucene search

GitHub Advisory DatabaseGHSA-98P5-X8X4-C9M5

HistoryFeb 09, 2022 - 11:52 p.m.

Integer overflow in TFLite

2022-02-0923:52:51

CWE-190

GitHub Advisory Database

github.com

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

64.9%

JSON

Impact

An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations:

  int embedding_size = 1;
  int lookup_size = 1;
  for (int i = 0; i &lt; lookup_rank - 1; i++, k++) {
    const int dim = dense_shape-&gt;data.i32[i];
    lookup_size *= dim;
    output_shape-&gt;data[k] = dim;
  }
  for (int i = 1; i &lt; embedding_rank; i++, k++) {
    const int dim = SizeOfDimension(value, i);
    embedding_size *= dim;
    output_shape-&gt;data[k] = dim;
  }

Both embedding_size and lookup_size are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication.

In certain scenarios, this can then result in heap OOB read/write.

Patches

We have patched the issue in GitHub commits f19be71717c497723ba0cea0379e84f061a75e01, 1de49725a5fc4e48f1a3b902ec3599ee99283043 and a4e401da71458d253b05e41f28637b65baf64be4.

The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Wang Xuan of Qihoo 360 AIVul Team.

Affected configurations

Vulners

Node

tensorflowgpuMatch2.7.0

tensorflowgpuRange<2.6.3

tensorflowgpuRange<2.5.3

tensorflowcpuMatch2.7.0

tensorflowcpuRange<2.6.3

tensorflowcpuRange<2.5.3

tensorflowtensorflowMatch2.7.0

tensorflowtensorflowRange<2.6.3

tensorflowtensorflowRange<2.5.3

CPENameOperatorVersion
tensorflow-gpueq2.7.0
tensorflow-gpult2.6.3
tensorflow-gpult2.5.3
tensorflow-cpueq2.7.0
tensorflow-cpult2.6.3
tensorflow-cpult2.5.3
tensorfloweq2.7.0
tensorflowlt2.6.3
tensorflowlt2.5.3

Name	Operator	Version
tensorflow-gpu	eq	2.7.0
tensorflow-gpu	lt	2.6.3
tensorflow-gpu	lt	2.5.3
tensorflow-cpu	eq	2.7.0
tensorflow-cpu	lt	2.6.3
tensorflow-cpu	lt	2.5.3
tensorflow	eq	2.7.0
tensorflow	lt	2.6.3
tensorflow	lt	2.5.3

References

github.com/advisories/GHSA-98p5-x8x4-c9m5

github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/embedding_lookup_sparse.cc#L179-L189

github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043

github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4

github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01

github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5

nvd.nist.gov/vuln/detail/CVE-2022-23559

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

64.9%

JSON

Related for GHSA-98P5-X8X4-C9M5