Описание
Interpreter crash from tf.io.decode_raw
Impact
The implementation of tf.io.decode_raw produces incorrect results and crashes the Python interpreter when combining fixed_length and wider datatypes.
The implementation of the padded version is buggy due to a confusion about pointer arithmetic rules.
First, the code computes the width of each output element by dividing the fixed_length value to the size of the type argument:
The fixed_length argument is also used to determine the size needed for the output tensor:
This is followed by reencoding code:
The erroneous code is the last line above: it is moving the out_data pointer by fixed_length * sizeof(T) bytes whereas it only copied at most fixed_length bytes from the input. This results in parts of the input not being decoded into the output.
Furthermore, because the pointer advance is far wider than desired, this quickly leads to writing to outside the bounds of the backing data. This OOB write leads to interpreter crash in the reproducer mentioned here, but more severe attacks can be mounted too, given that this gadget allows writing to periodically placed locations in memory.
Patches
We have patched the issue in GitHub commit 698e01511f62a3c185754db78ebce0eee1f0184d.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Ссылки
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8pmx-p244-g88h
- https://nvd.nist.gov/vuln/detail/CVE-2021-29614
- https://github.com/tensorflow/tensorflow/commit/698e01511f62a3c185754db78ebce0eee1f0184d
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-542.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-740.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-251.yaml
Пакеты
tensorflow
< 2.1.4
2.1.4
tensorflow
>= 2.2.0, < 2.2.3
2.2.3
tensorflow
>= 2.3.0, < 2.3.3
2.3.3
tensorflow
>= 2.4.0, < 2.4.2
2.4.2
tensorflow-cpu
< 2.1.4
2.1.4
tensorflow-cpu
>= 2.2.0, < 2.2.3
2.2.3
tensorflow-cpu
>= 2.3.0, < 2.3.3
2.3.3
tensorflow-cpu
>= 2.4.0, < 2.4.2
2.4.2
tensorflow-gpu
< 2.1.4
2.1.4
tensorflow-gpu
>= 2.2.0, < 2.2.3
2.2.3
tensorflow-gpu
>= 2.3.0, < 2.3.3
2.3.3
tensorflow-gpu
>= 2.4.0, < 2.4.2
2.4.2
EPSS
6.9 Medium
CVSS4
7.1 High
CVSS3
CVE ID
Дефекты
Связанные уязвимости
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_length` and wider datatypes. The implementation of the padded version(https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc) is buggy due to a confusion about pointer arithmetic rules. First, the code computes(https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc#L61) the width of each output element by dividing the `fixed_length` value to the size of the type argument. The `fixed_length` argument is also used to determine the size needed for the output tensor(https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc#L63-L79). This is followed by reencoding c
TensorFlow is an end-to-end open source platform for machine learning. ...
EPSS
6.9 Medium
CVSS4
7.1 High
CVSS3