CVE-2022-23567

Integer overflows in Tensorflow

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so, assert failures based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Tensorflow es un marco de aprendizaje automático de código abierto. Las implementaciones de las operaciones "Sparse*Cwise*" son vulnerables a desbordamientos de enteros. Estos pueden ser usados para desencadenar grandes asignaciones (por tanto, denegación de servicio basada en OOM) o fallos de "CHECK" cuando son construidos nuevos objetos "TensorShape" (por tanto, denegación de servicio basada en fallos de assert). Nos falta algo de comprobación en las formas de los tensores de entrada, así como construir directamente un "TensorShape" grande con las dimensiones proporcionadas por el usuario. La corrección será incluida en TensorFlow versión 2.8.0. También seleccionaremos este commit en TensorFlow versión 2.7.1, TensorFlow versión 2.6.3, y TensorFlow versión 2.5.3, ya que estos también están afectados y aún están en el rango admitido

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-19 CVE Reserved
2022-02-03 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2024-10-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-190: Integer Overflow or Wraparound

CAPEC

References (5)

URL	Tag	Source

URL	Date	SRC
https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc	2024-08-03

URL	Date	SRC
https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-198.md	2022-02-09
https://github.com/tensorflow/tensorflow/commit/1b54cadd19391b60b6fcccd8d076426f7221d5e8	2022-02-09
https://github.com/tensorflow/tensorflow/commit/e952a89b7026b98fe8cbe626514a93ed68b7c510	2022-02-09
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43	2022-02-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Google Search vendor "Google"		Tensorflow Search vendor "Google" for product "Tensorflow"				<= 2.5.2 Search vendor "Google" for product "Tensorflow" and version " <= 2.5.2"		-		Affected
Google Search vendor "Google"		Tensorflow Search vendor "Google" for product "Tensorflow"				>= 2.6.0 <= 2.6.2 Search vendor "Google" for product "Tensorflow" and version " >= 2.6.0 <= 2.6.2"		-		Affected
Google Search vendor "Google"		Tensorflow Search vendor "Google" for product "Tensorflow"				2.7.0 Search vendor "Google" for product "Tensorflow" and version "2.7.0"		-		Affected