Описание
Crash due to erroneous StatusOr in TensorFlow
Impact
A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it:
If ctor_type is an error status, ValueOrDie results in a crash.
Patches
We have patched the issue in GitHub commit 955059813cc325dc1db5e2daa6221271406d4439.
We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Ссылки
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278
- https://nvd.nist.gov/vuln/detail/CVE-2022-23590
- https://github.com/tensorflow/tensorflow/commit/955059813cc325dc1db5e2daa6221271406d4439
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-99.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-154.yaml
- https://github.com/tensorflow/tensorflow
- https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L560-L567
Пакеты
tensorflow
< 2.7.1
2.7.1
tensorflow-cpu
< 2.7.1
2.7.1
tensorflow-gpu
< 2.7.1
2.7.1
Связанные уязвимости
Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected.
Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` ...