TensorFlow, an open-source platform for machine learning, contains a vulnerability in its SdcaOptimizer module: when the dense_features or example_state_data inputs are not of rank 2, a CHECK fails. A failed CHECK aborts the process, so an attacker who can supply such inputs can potentially exploit the system.

This vulnerability has been assigned the CVE-2022-41899 identifier, and the TensorFlow team has already issued a patch to address it (GitHub commit 80ff197d03db2a70c6a111f97dcdacad1bbabfa). The patched version will be included in the TensorFlow 2.11 release. Meanwhile, subsequent cherrypicks of this commit will be applied to TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4 as these versions are affected by the vulnerability and are still within the supported range.

Code Snippet

The following code shows an example of how to use the SdcaOptimizer with a rank 2 input. However, with the vulnerability present in the affected versions of TensorFlow, inputs not of rank 2 will trigger a CHECK fail:

import tensorflow as tf
from tensorflow.python.framework import ops
from tensorflow.python.ops import gen_sdca_ops

# Note: tf.contrib is a TensorFlow 1.x namespace and is not present in TensorFlow 2.x.

def example_sdca_optimizer():
  # Rank-2 input: 3 examples x 2 features.
  dense_features = ops.convert_to_tensor([
    [1., 2.],
    [2., 3.],
    [3., 4.]
  ])
  # One weight and one label per example (rank 1, length 3).
  example_weights = ops.convert_to_tensor([1., 1., 1.])
  example_labels = ops.convert_to_tensor([0, 1, 1])

  # Instantiate SdcaOptimizer.
  sdca_optimizer = tf.contrib.linear_optimizer.SdcaOptimizer(
    symmetric_l2_regularization=2.,
    symmetric_l1_regularization=0.,
    num_loss_partitions=1,
    num_table_shards=1
  )

  # Invoke Minimize() function on SdcaOptimizer.
  sdca_optimizer.minimize(loss_type='logistic_loss',
                          examples=dense_features,
                          example_weights=example_weights,
                          example_labels=example_labels)

Original References

1. TensorFlow GitHub Repository: https://github.com/tensorflow/tensorflow
2. TensorFlow SdcaOptimizer Documentation: https://www.tensorflow.org/api_docs/python/tf/contrib/linear_optimizer/SdcaOptimizer
3. GitHub Commit with Patch: https://github.com/tensorflow/tensorflow/commit/80ff197d03db2a70c6a111f97dcdacad1bbabfa

Exploit Details

With the vulnerability present in TensorFlow's SdcaOptimizer, an attacker can trigger a CHECK fail by providing an input whose rank is not 2. This could lead to a denial of service or even potentially allow the attacker to execute arbitrary code.

Mitigation

Users of TensorFlow are encouraged to upgrade to version 2.11 or apply the patch in commit 80ff197d03db2a70c6a111f97dcdacad1bbabfa. Alternatively, users running TensorFlow 2.10.1, 2.9.3, or TensorFlow 2.8.4 should apply the cherrypicked patch provided by the TensorFlow team.
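
Until an upgrade is in place, the rank condition can be enforced in the calling code. The following is an added example, not TensorFlow's code or the patch itself: it checks an installed version string against the fixed releases listed above and rejects dense_features or example_state_data values that are not rank 2 before they reach the op. The function names are hypothetical, and it assumes each tensor is passed to the check individually.

```python
import re

# Fixed releases named on this page: 2.8.4, 2.9.3, 2.10.1, and 2.11 onward.
FIXED_PATCH = {(2, 8): 4, (2, 9): 3, (2, 10): 1}

def is_patched(version):
    """True if a version string is at or past a fixed release listed above."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) >= (2, 11):
        return True
    fixed = FIXED_PATCH.get((major, minor))
    # Other branches have no fixed release listed on the page.
    return fixed is not None and patch >= fixed

def rank_of(value):
    """Rank of a tensor-like object (has .shape) or of nested lists/tuples."""
    shape = getattr(value, "shape", None)
    if shape is not None:
        return len(shape)
    rank = 0
    while isinstance(value, (list, tuple)):
        if not value:          # empty dimension: count it and stop descending
            return rank + 1
        value, rank = value[0], rank + 1
    return rank

def check_sdca_inputs(dense_features, example_state_data):
    """Raise ValueError unless both inputs are rank 2 (hypothetical guard)."""
    for name, value in (("dense_features", dense_features),
                        ("example_state_data", example_state_data)):
        rank = rank_of(value)
        if rank != 2:
            raise ValueError(f"{name} must be rank 2, got rank {rank}")

if __name__ == "__main__":
    # Constructed sample inputs.
    print(is_patched("2.10.0"), is_patched("2.9.3"))
    check_sdca_inputs([[1., 2.], [2., 3.]], [[0., 0., 0., 0.]])
```

Raising a Python exception at the boundary lets a service reject the request and keep running, instead of the process aborting on the CHECK.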

Timeline

Published on: 11/18/2022 22:15:00 UTC
Last modified on: 07/10/2023 16:18:00 UTC