In this post, we discuss a recently discovered vulnerability affecting the TensorFlow open-source machine learning platform, a widely-used framework for machine learning and artificial intelligence tasks. The issue, assigned the identifier CVE-2022-41890, could lead to crashes if certain functions are provided input larger than what an int32 can handle, even though the functions should theoretically accept up to an int64. We also provide information on the fix, relevant code snippets, and links to original references.

The Issue

The problem lies within the BCast::ToShape function in TensorFlow, which may crash if it receives input larger than an int32. One such example can be observed when using the tf.experimental.numpy.outer function and providing a large input to the b parameter. While the function is designed to work with larger inputs (up to an int64), a bug in the code causes the crash.

The following code snippet demonstrates the issue:

import tensorflow as tf

a = tf.constant([1], dtype=tf.int64)
b = tf.constant([1], shape=(2**31,), dtype=tf.int64)

result = tf.experimental.numpy.outer(a, b)

In this example, the function would crash due to the large input passed to the b parameter.

The Fix

We have implemented a fix for this issue in the following GitHub commit: 831bf8dd188ff780e7fc53245058215a05bdbe5. This patch will be included in the upcoming TensorFlow 2.11 release. In addition, we will cherrypick the commit for TensorFlow 2.10.1, 2.9.3, and 2.8.4, as those versions are also affected by this vulnerability and fall within the supported range.
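
An added example, not code from the TensorFlow project or from the original post: a pre-flight check that compares an installed version string against the fixed releases listed above and reports any shape dimension outside the int32 range. The function names are hypothetical, and treating 2.11.0 pre-releases and versions older than 2.8 as unfixed is an assumption.

```python
import re

# Fixed releases named in the post: 2.11, plus cherry-picks 2.10.1, 2.9.3, 2.8.4.
FIXED_PATCH = {(2, 8): 4, (2, 9): 3, (2, 10): 1}
FIRST_FIXED_MINOR = (2, 11)
INT32_MAX = 2**31 - 1


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for e.g. '2.10.0' or '2.11.0rc1'."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    # Local build tags such as '+cpu' are not pre-releases; 'rc', 'a', 'b', 'dev' are.
    is_pre = bool(re.match(r"[-.]?(a|b|rc|dev)", m.group(4)))
    return numbers, is_pre


def has_fix(version_text):
    """True if the version is one the post lists as containing the fix."""
    (major, minor, patch), is_pre = parse_version(version_text)
    if (major, minor) >= FIRST_FIXED_MINOR:
        # Assumption: release candidates of 2.11.0 itself are treated as unfixed.
        return not (is_pre and (major, minor, patch) == (2, 11, 0))
    needed = FIXED_PATCH.get((major, minor))
    if needed is None:
        return False  # Assumption: branches older than 2.8 have no listed fix.
    return patch > needed or (patch == needed and not is_pre)


def oversized_dims(shape):
    """Return the dimensions in `shape` that do not fit in an int32."""
    return [d for d in shape if d is not None and d > INT32_MAX]


def should_reject(version_text, shape):
    """Reject a request only when the install is unfixed and a dimension is oversized."""
    return (not has_fix(version_text)) and bool(oversized_dims(shape))


if __name__ == "__main__":
    # Constructed sample inputs.
    for version in ("2.8.3", "2.9.3", "2.10.0", "2.10.1", "2.11.0rc0", "2.11.0"):
        print(version, "fixed" if has_fix(version) else "NOT fixed")
    print(should_reject("2.10.0", (2**31,)))
```

On an unfixed install, `should_reject` can gate user-supplied shapes before they reach TensorFlow until the upgrade is rolled out.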

Exploit Details

While the potential for exploitation is relatively limited, this vulnerability could lead to crashes, denial of service, or performance degradation in certain TensorFlow-based applications. As a result, it is essential to apply the aforementioned patches to protect your applications from potential issues.

Summary and References

In summary, CVE-2022-41890 is a critical issue that affects the TensorFlow open-source platform for machine learning. The vulnerability could lead to crashes and other problems if not addressed. We have provided a code snippet to illustrate the issue, as well as links to the original GitHub commit that contains the fix (831bf8dd188ff780e7fc53245058215a05bdbe5). It is highly recommended to update to TensorFlow 2.11 or apply the cherrypicked fixes for TensorFlow 2.10.1, 2.9.3, and 2.8.4 to maintain the security and stability of your applications.

Stay safe and ensure that your TensorFlow deployment is up-to-date to avoid potential issues arising from CVE-2022-41890.

Timeline

Published on: 11/18/2022 22:15:00 UTC
Last modified on: 11/22/2022 21:30:00 UTC