In this post, we delve into the details of CVE-2022-45907, a recent security vulnerability found in the popular deep learning framework, PyTorch. Researchers identified that versions of PyTorch before trunk/89695 are prone to arbitrary code execution attacks because eval was used unsafely within the torch.jit.annotations.parse_type_line function. An attacker can exploit this vulnerability to execute arbitrary code on a system running a vulnerable version of PyTorch and potentially cause severe damage. Thus, it is crucial that users update to the latest version of PyTorch to mitigate this risk.

Vulnerability Details

The vulnerability resides in the torch.jit.annotations.parse_type_line function, which allows users to define types annotations for PyTorch tensors. PyTorch erroneously uses the eval function for parsing input without any sanitization, leading to the potential for arbitrary code execution.

Here's the code snippet from the vulnerable function

def parse_type_line(type_line: str) -> Tuple[str, Dict[str, Any]]:
    """
    Parses the given line in a .pyi file corresponding to the type of a function
    """
    try:
        name, annot_str = type_line.split("(", 1)
        name = name.strip()
        annot_str = annot_str.rstrip(")").rstrip(",")
        annots_raw = annot_str.split(",")
        annots: Dict[str, Any] = {}
        for annot_raw in annots_raw:
            k, v = annot_raw.split("=", 1)
            annots[k.strip()] = eval(v.strip())
        return name, annots
    except Exception:
        raise RuntimeError(f"Failed to parse annotation {type_line}")

Notice the line annots[k.strip()] = eval(v.strip()). The eval function is used to evaluate the provided expression, allowing an attacker to execute arbitrary code by crafting malicious input.

Exploit Details

An attacker can exploit this vulnerability by creating a malicious type annotation in a .pyi file, which could be a part of a seemingly harmless third-party package or library that a PyTorch user installs.

Consider the following example of a malicious .pyi file

import os
os.system("calc.exe") # For demonstration purposes, this simply opens the calculator app

A PyTorch user may run the following code to use a function that utilizes the vulnerable parse_type_line function:

import torch
import some_module
some_module.some_function()

As a result, PyTorch will execute the arbitrary code provided in the malicious type_in_line definition, opening the calculator application.

Mitigation

PyTorch developers have addressed this issue by removing the unsafe usage of eval in the parse_type_line function. The fix has been implemented in the trunk/89695 version of PyTorch.

To protect your systems from this vulnerability, you should update to the latest version of PyTorch immediately. You can do this using pip by running the following command:

pip install --upgrade torch

Also, ensure that you exercise caution when using third-party libraries and packages. Be vigilant when importing unknown libraries, and only use trusted sources.

For additional information on this vulnerability, consult the following resources

1. PyTorch GitHub Commit - The GitHub commit that resolves this vulnerability.
2. Common Vulnerabilities and Exposures (CVE) Entry - CVE-2022-45907's official entry in the CVE database.

Stay safe, and always keep your software up to date to protect yourself from the ever-evolving landscape of security vulnerabilities.

Timeline

Published on: 11/26/2022 02:15:00 UTC
Last modified on: 08/08/2023 14:21:00 UTC