Lucene search

GitHub Advisory DatabaseGHSA-Q4QF-3FC6-8X34

HistorySep 25, 2020 - 6:28 p.m.

Segfault and data corruption in tensorflow-lite

2020-09-2518:28:43

CWE-119

CWE-787

GitHub Advisory Database

github.com

python indexing

tflite

resolveaxis

debug builds

data access

patch releases

tensorflow upgrade

aivul team

qihoo 360

security guide

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.003

Percentile

68.3%

JSON

Impact

To mimic Python’s indexing with negative values, TFLite uses ResolveAxis to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds:
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/reference/reduce.h#L68-L72

If the DCHECK does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption.

Patches

We have patched the issue in 2d88f470dea2671b430884260f3626b1fe99830a and will release patch releases for all versions between 1.15 and 2.3.

We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Affected configurations

Vulners

Node

tensorflow-gpuMatch2.3.0

tensorflow-gpuMatch2.2.0

tensorflow-gpuRange2.1.0–2.1.2

tensorflow-gpuRange2.0.0–2.0.3

tensorflow-gpuRange<1.15.4

tensorflow-cpuMatch2.3.0

tensorflow-cpuMatch2.2.0

tensorflow-cpuRange2.1.0–2.1.2

tensorflow-cpuRange2.0.0–2.0.3

tensorflow-cpuRange<1.15.4

tensorflowtensorflowMatch2.3.0

tensorflowtensorflowMatch2.2.0

tensorflowtensorflowRange2.1.0–2.1.2

tensorflowtensorflowRange2.0.0–2.0.3

tensorflowtensorflowRange<1.15.4

VendorProductVersionCPE
*tensorflow-gpu2.3.0cpe:2.3:a:*:tensorflow-gpu:2.3.0:*:*:*:*:*:*:*
*tensorflow-gpu2.2.0cpe:2.3:a:*:tensorflow-gpu:2.2.0:*:*:*:*:*:*:*
*tensorflow-gpu*cpe:2.3:a:*:tensorflow-gpu:*:*:*:*:*:*:*:*
*tensorflow-cpu2.3.0cpe:2.3:a:*:tensorflow-cpu:2.3.0:*:*:*:*:*:*:*
*tensorflow-cpu2.2.0cpe:2.3:a:*:tensorflow-cpu:2.2.0:*:*:*:*:*:*:*
*tensorflow-cpu*cpe:2.3:a:*:tensorflow-cpu:*:*:*:*:*:*:*:*
tensorflowtensorflow2.3.0cpe:2.3:a:tensorflow:tensorflow:2.3.0:*:*:*:*:*:*:*
tensorflowtensorflow2.2.0cpe:2.3:a:tensorflow:tensorflow:2.2.0:*:*:*:*:*:*:*
tensorflowtensorflow*cpe:2.3:a:tensorflow:tensorflow:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	tensorflow-gpu	2.3.0	cpe:2.3:a::tensorflow-gpu:2.3.0:::::::
*	tensorflow-gpu	2.2.0	cpe:2.3:a::tensorflow-gpu:2.2.0:::::::
*	tensorflow-gpu	*	cpe:2.3:a::tensorflow-gpu::::::::*
*	tensorflow-cpu	2.3.0	cpe:2.3:a::tensorflow-cpu:2.3.0:::::::
*	tensorflow-cpu	2.2.0	cpe:2.3:a::tensorflow-cpu:2.2.0:::::::
*	tensorflow-cpu	*	cpe:2.3:a::tensorflow-cpu::::::::*
tensorflow	tensorflow	2.3.0	cpe:2.3:a:tensorflow:tensorflow:2.3.0:::::::*
tensorflow	tensorflow	2.2.0	cpe:2.3:a:tensorflow:tensorflow:2.2.0:::::::*
tensorflow	tensorflow	*	cpe:2.3:a:tensorflow:tensorflow::::::::