CVE-2022-41895: TensorFlow Heap OOB Vulnerability Patched in `MirrorPadGrad`

Hello TensorFlow users and developers! In this post, we will discuss a vulnerability found in TensorFlow, an open-source software library for machine learning. The issue, identified as CVE-2022-41895, relates to the MirrorPadGrad function, which could result in a heap out-of-bounds (OOB) error when given an oversized input paddings. Vulnerabilities like this can have serious implications for the security and functionality of machine learning applications. Fortunately, a patch has been developed and will be shipped with TensorFlow 2.11 along with being cherry-picked to versions 2.10.1, 2.9.3, and 2.8.4.

Vulnerability Details

The vulnerability occurs when the MirrorPadGrad function handles excess input paddings. The heap OOB error can lead to undesirable consequences like crashes, data corruption, or potentially even the execution of arbitrary code.

Here's a code snippet demonstrating the source of the vulnerability

def mirror_pad_grad(grad, paddings, mode):
  # Assuming paddings shape is [n, 2] and non-negative
  # ...
  padded_grad = array_ops.pad(grad, paddings)

If paddings is too large, TensorFlow can't correctly handle the input, leading to the heap OOB error.

Patch Details

The issue has been patched in the GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix introduces input validation to the function, so if the input is too large, an error will be raised, and the heap OOB issue will be avoided:

def mirror_pad_grad(grad, paddings, mode):
  # Check if the paddings are valid
  if not isValidPaddings(paddings):
    raise ValueError("paddings is not valid")

  # Assuming paddings shape is [n, 2] and non-negative
  # ...
  padded_grad = array_ops.pad(grad, paddings)

TensorFlow 2.10.x

The patch will be included in TensorFlow 2.11, and we will also cherrypick this commit on the following affected versions, which are still within the supported range:

To mitigate the risk of CVE-2022-41895, users are advised to do the following

1. Update to TensorFlow 2.11 or the patched versions (2.10.1, 2.9.3, or 2.8.4) when they become available.
2. If updating is not possible, implement input validation for paddings in your code before calling the MirrorPadGrad function.

This vulnerability highlights the importance of being vigilant and proactive in protecting our machine learning applications and data from potential harm. Stay informed and up-to-date on the latest patches and security measures to ensure the safety and success of your projects.

Timeline

Published on: 11/18/2022 22:15:00 UTC
Last modified on: 11/22/2022 21:26:00 UTC