CVE-2022-23583

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 06:48

Type Values Removed Values Added
References () https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137 - Exploit, Third Party Advisory () https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137 - Exploit, Third Party Advisory
References () https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9 - Patch, Third Party Advisory () https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9 - Patch, Third Party Advisory
References () https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjqc-q9g6-q2j3 - Patch, Third Party Advisory () https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjqc-q9g6-q2j3 - Patch, Third Party Advisory

13 Jul 2023, 14:28

Type Values Removed Values Added
CWE CWE-617 CWE-843

Information

Published : 2022-02-04 23:15

Updated : 2024-11-21 06:48


NVD link : CVE-2022-23583

Mitre link : CVE-2022-23583

CVE.ORG link : CVE-2022-23583


JSON object : View

Products Affected

google

  • tensorflow
CWE
CWE-617

Reachable Assertion

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')