Lucene search

GitHub Advisory DatabaseGHSA-MXJJ-953W-2C2V

HistorySep 25, 2020 - 6:28 p.m.

Data corruption in tensorflow-lite

2020-09-2518:28:44

CWE-125

CWE-787

GitHub Advisory Database

github.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.6%

JSON

Impact

When determining the common dimension size of two tensors, TFLite uses a DCHECK which is no-op outside of debug compilation modes:
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/types.h#L437-L442

Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors.

Patches

We have patched the issue in 8ee24e7949a20 and will release patch releases for all versions between 1.15 and 2.3.

We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Affected configurations

Vulners

Node

tensorflowgpuMatch2.3.0

tensorflowgpuMatch2.2.0

tensorflowgpuRange<2.1.2

tensorflowgpuRange<2.0.3

tensorflowgpuRange<1.15.4

tensorflowcpuMatch2.3.0

tensorflowcpuMatch2.2.0

tensorflowcpuRange<2.1.2

tensorflowcpuRange<2.0.3

tensorflowcpuRange<1.15.4

tensorflowtensorflowMatch2.3.0

tensorflowtensorflowMatch2.2.0

tensorflowtensorflowRange<2.1.2

tensorflowtensorflowRange<2.0.3

tensorflowtensorflowRange<1.15.4

CPENameOperatorVersion
tensorflow-gpueq2.3.0
tensorflow-gpueq2.2.0
tensorflow-gpult2.1.2
tensorflow-gpult2.0.3
tensorflow-gpult1.15.4
tensorflow-cpueq2.3.0
tensorflow-cpueq2.2.0
tensorflow-cpult2.1.2
tensorflow-cpult2.0.3
tensorflow-cpult1.15.4

Name	Operator	Version
tensorflow-gpu	eq	2.3.0
tensorflow-gpu	eq	2.2.0
tensorflow-gpu	lt	2.1.2
tensorflow-gpu	lt	2.0.3
tensorflow-gpu	lt	1.15.4
tensorflow-cpu	eq	2.3.0
tensorflow-cpu	eq	2.2.0
tensorflow-cpu	lt	2.1.2
tensorflow-cpu	lt	2.0.3
tensorflow-cpu	lt	1.15.4