CVE-2022-23566
Out of bounds write in TensorFlow
In short
TensorFlow has a memory vulnerability where a malicious user can write data beyond the intended boundaries of an array in the Grappler component, potentially crashing the application or executing malicious code.
Technical detail
A heap out-of-bounds write vulnerability exists in TensorFlow's `set_output` function within Grappler, allowing an attacker to write to arbitrary memory locations via specially crafted graph inputs. This requires the ability to provide input to the affected function but can result in denial of service or code execution.
Summary generated and translated by AI from the official description.
TensorFlow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
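The bug class described above, as an added C++ example that is not TensorFlow's code: an unchecked indexed write beside a form that validates an index taken from untrusted graph data. `InferenceContextModel`, `Shape` and both method names are hypothetical stand-ins.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for a shape handle (not TensorFlow's type).
struct Shape { std::vector<long long> dims; };

// Simplified model of a context that owns one slot per declared output.
class InferenceContextModel {
 public:
  explicit InferenceContextModel(std::size_t num_outputs) : outputs_(num_outputs) {}

  // Unchecked pattern, shown for contrast and never called here: the index
  // goes straight into the array, so a negative or too-large value writes
  // outside the heap buffer.
  void set_output_unchecked(int idx, const Shape& s) {
    outputs_[static_cast<std::size_t>(idx)] = s;
  }

  // Checked pattern: the index comes from untrusted graph data, so reject
  // anything outside [0, num_outputs) and report an error instead of writing.
  bool set_output_checked(long long idx, const Shape& s, std::string* error) {
    if (idx < 0 || static_cast<unsigned long long>(idx) >= outputs_.size()) {
      *error = "output index " + std::to_string(idx) + " outside [0, " +
               std::to_string(outputs_.size()) + ")";
      return false;
    }
    outputs_[static_cast<std::size_t>(idx)] = s;
    return true;
  }

  const Shape& output(std::size_t i) const { return outputs_.at(i); }

 private:
  std::vector<Shape> outputs_;
};

int main() {
  InferenceContextModel ctx(2);  // constructed sample: a node with two outputs
  std::string err;
  const long long samples[] = {1, 2, -1};  // constructed index attribute values
  for (long long idx : samples) {
    bool ok = ctx.set_output_checked(idx, Shape{{3, 4}}, &err);
    std::cout << idx << ": " << (ok ? "written" : "rejected: " + err) << "\n";
  }
  return 0;
}
```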
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
tensorflow · tensorflow
References
https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.h#L394
https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/costs/graph_properties.cc#L1132-L1141
https://github.com/tensorflow/tensorflow/commit/97282c6d0d34476b6ba033f961590b783fa184cd
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5qw5-89mw-wcg2