← back
CVE-2022-23572

Crash when type cannot be specialized in Tensorflow

CVSS 6.5 MEDIUMEPSS 1.0%CWE-754
In short

TensorFlow can crash when it fails to handle certain data type transformations during model processing. This happens because the code doesn't properly check for errors before trying to use the result, causing the application to stop unexpectedly.

Technical detail

During shape inference, TensorFlow fails to specialize types in specific scenarios where DCHECK assertions (which are disabled in production builds) do not catch the error condition. Execution then proceeds to call ValueOrDie() on an error Status object rather than a valid value, resulting in a crash. The vulnerability affects production deployments when malformed models or specific input configurations trigger the unhandled type specialization failure.

Summary generated and translated by AI from the official description.
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
tensorflow · tensorflow

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L168-L174https://github.com/tensorflow/tensorflow/commit/cb164786dc891ea11d3a900e90367c339305dc7bhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rww7-2gpw-fv6j