Hello everyone,

Today we are going to discuss CVE-2022-41889, a security vulnerability in TensorFlow, an open source machine learning platform. The vulnerability lies in the parsing of a list of quantized tensors and leads to a failure in the pywrap code. When the code attempts to parse such a tensor, it returns a 'nullptr' instead, and that return value is not handled.

The Problem

In TensorFlow, assigning a list of quantized tensors to an attribute may lead to an error in the underlying pywrap code. A good example is the tf.compat.v1.extract_volume_patches function when quantized tensors are passed as its ksizes argument. The pywrap code returns a 'nullptr', and that return value is neither caught nor handled.

The Exploit

Exploit details for this vulnerability are currently minimal. With further investigation, it may turn out that the vulnerability can lead to denial-of-service (DoS) attacks or other unintended behavior in the TensorFlow platform.

The Fix

We are happy to announce that we have already patched this issue in GitHub commit e9e95553e5411834d215e677c81a83a3d0866ce. This fix will be included in TensorFlow 2.11. Moreover, we have assessed that this vulnerability affects TensorFlow versions 2.10.1, 2.9.3, and 2.8.4, which are still within the supported range.

To ensure the safety and reliability of the platform, we will also cherry-pick this commit onto the aforementioned affected TensorFlow versions. Users are strongly advised to update their TensorFlow installations once these patched versions are officially released.

To reproduce this issue, you can use the following code snippet:

import tensorflow.compat.v1 as tf
tf.disable_v2_behavior()

input_data = tf.placeholder(tf.float32, [None, 3, 3, 3])
ksizes = tf.constant([1, 2, 2, 1], dtype=tf.qint8)

volume_patches = tf.extract_volume_patches(input_data, ksizes, strides=[1, 1, 1, 1], padding='VALID')

Running this script with an unpatched version of TensorFlow will result in the pywrap code failing to parse the tensor properly.
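
Until a patched build is installed, calling code can keep tensors out of the attribute arguments before they reach the native parser. The guard below is an added example, not TensorFlow code and not part of the fix commit; safe_int_list_attr, guarded_extract_volume_patches and FakeQuantizedTensor are hypothetical names, and the op is passed in as a parameter so the block runs without TensorFlow installed.

```python
class UnsafeAttrError(TypeError):
    """An attribute argument was not a plain list of Python ints."""


def safe_int_list_attr(name, value, min_len=5):
    """Validate a list(int) attribute such as ksizes or strides.

    Tensors (quantized or not), NumPy arrays, bools and nested lists are
    rejected here so they never reach TensorFlow's native attribute parser.
    min_len=5 follows the op's documented "list of ints, length >= 5".
    """
    if not isinstance(value, (list, tuple)):
        raise UnsafeAttrError(f"{name}: expected list of ints, got {type(value).__name__}")
    for i, item in enumerate(value):
        # bool is a subclass of int; exclude it explicitly.
        if isinstance(item, bool) or not isinstance(item, int):
            raise UnsafeAttrError(f"{name}[{i}]: expected int, got {type(item).__name__}")
    if len(value) < min_len:
        raise UnsafeAttrError(f"{name}: need at least {min_len} ints, got {len(value)}")
    return list(value)


def guarded_extract_volume_patches(op, input_data, ksizes, strides, padding):
    """Call `op` (e.g. tf.compat.v1.extract_volume_patches) with checked attrs."""
    if padding not in ("VALID", "SAME"):
        raise UnsafeAttrError(f"padding: expected 'VALID' or 'SAME', got {padding!r}")
    return op(input_data,
              safe_int_list_attr("ksizes", ksizes),
              safe_int_list_attr("strides", strides),
              padding)


class FakeQuantizedTensor:
    """Constructed stand-in for a qint8 tensor; not a TensorFlow type."""
    dtype = "qint8"


if __name__ == "__main__":
    def stub_op(input_data, ksizes, strides, padding):  # stands in for the real op
        return ("called", ksizes, strides, padding)

    print(guarded_extract_volume_patches(stub_op, None, [1, 2, 2, 2, 1], [1, 1, 1, 1, 1], "VALID"))
    for bad in (FakeQuantizedTensor(), [FakeQuantizedTensor()] * 5, [1, 2, 2, 1]):
        try:
            guarded_extract_volume_patches(stub_op, None, bad, [1, 1, 1, 1, 1], "VALID")
        except UnsafeAttrError as exc:
            print("rejected:", exc)
```

In real use, pass tf.compat.v1.extract_volume_patches as op. The guard is a stopgap for callers and does not replace upgrading to a patched release.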

Original References

More details about the issue and the fix can be found at the following links in the TensorFlow GitHub repository:

- Issue Report
- Patch Commit

We would like to extend our gratitude to the TensorFlow development team and those who reported this vulnerability for their diligent work in swiftly addressing and resolving this issue. As always, security is one of the top priorities for the TensorFlow project, and user collaboration is invaluable in identifying potential vulnerabilities.

Stay safe and keep your TensorFlow installations up to date!

Timeline

Published on: 11/18/2022 22:15:00 UTC
Last modified on: 11/22/2022 21:29:00 UTC