cvelistv5 - CVE-2022-23589

URL	Tags
security-advisories@github.com	https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74	Exploit, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497	Exploit, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp	Patch, Third Party Advisory

gsd-2022-23589

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Aliases

CVE-2022-23589

Aliases

CVE-2022-23589

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-23589",
    "description": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
    "id": "GSD-2022-23589",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-23589.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-23589"
      ],
      "details": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
      "id": "GSD-2022-23589",
      "modified": "2023-12-13T01:19:35.346815Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-23589",
        "STATE": "PUBLIC",
        "TITLE": "Null pointer dereference in Grappler\u0027s `IsConstant` in Tensorflow"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "tensorflow",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003e= 2.7.0, \u003c 2.7.1"
                        },
                        {
                          "version_value": "\u003e= 2.6.0, \u003c 2.6.3"
                        },
                        {
                          "version_value": "\u003c 2.5.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "tensorflow"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-476: NULL Pointer Dereference"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp",
            "refsource": "CONFIRM",
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-9px9-73fg-3fqp",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2.5.3||\u003e=2.6.0,\u003c2.6.3||==2.7.0",
          "affected_versions": "All versions before 2.5.3, all versions starting from 2.6.0 before 2.6.3, version 2.7.0",
          "cvss_v2": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-476",
            "CWE-937"
          ],
          "date": "2022-02-11",
          "description": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
          "fixed_versions": [
            "2.5.3",
            "2.6.3",
            "2.7.1"
          ],
          "identifier": "CVE-2022-23589",
          "identifiers": [
            "GHSA-9px9-73fg-3fqp",
            "CVE-2022-23589"
          ],
          "not_impacted": "All versions starting from 2.5.3 before 2.6.0, all versions starting from 2.6.3 before 2.7.0, all versions after 2.7.0",
          "package_slug": "pypi/tensorflow-cpu",
          "pubdate": "2022-02-09",
          "solution": "Upgrade to versions 2.5.3, 2.6.3, 2.7.1 or above.",
          "title": "NULL Pointer Dereference",
          "urls": [
            "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp",
            "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf",
            "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1",
            "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74",
            "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-23589",
            "https://github.com/advisories/GHSA-9px9-73fg-3fqp"
          ],
          "uuid": "3d2a05c3-2398-4874-a569-340fcd1b1004"
        },
        {
          "affected_range": "\u003c2.5.3||\u003e=2.6.0,\u003c2.6.3||==2.7.0",
          "affected_versions": "All versions before 2.5.3, all versions starting from 2.6.0 before 2.6.3, version 2.7.0",
          "cvss_v2": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-476",
            "CWE-937"
          ],
          "date": "2022-02-11",
          "description": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
          "fixed_versions": [
            "2.5.3",
            "2.6.3",
            "2.7.1"
          ],
          "identifier": "CVE-2022-23589",
          "identifiers": [
            "GHSA-9px9-73fg-3fqp",
            "CVE-2022-23589"
          ],
          "not_impacted": "All versions starting from 2.5.3 before 2.6.0, all versions starting from 2.6.3 before 2.7.0, all versions after 2.7.0",
          "package_slug": "pypi/tensorflow-gpu",
          "pubdate": "2022-02-09",
          "solution": "Upgrade to versions 2.5.3, 2.6.3, 2.7.1 or above.",
          "title": "NULL Pointer Dereference",
          "urls": [
            "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp",
            "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf",
            "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1",
            "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74",
            "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-23589",
            "https://github.com/advisories/GHSA-9px9-73fg-3fqp"
          ],
          "uuid": "ab0a66cc-3077-400a-8843-3737dcb147c3"
        },
        {
          "affected_range": "\u003c=2.5.2||\u003e=2.6.0,\u003c=2.6.2||==2.7.0",
          "affected_versions": "All versions up to 2.5.2, all versions starting from 2.6.0 up to 2.6.2, version 2.7.0",
          "cvss_v2": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-476",
            "CWE-937"
          ],
          "date": "2022-02-10",
          "description": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow We will also cherrypick this commit on TensorFlow, TensorFlow, and TensorFlow, as these are also affected and still in supported range.",
          "fixed_versions": [
            "2.5.3",
            "2.6.3",
            "2.7.1"
          ],
          "identifier": "CVE-2022-23589",
          "identifiers": [
            "CVE-2022-23589",
            "GHSA-9px9-73fg-3fqp"
          ],
          "not_impacted": "All versions after 2.5.2 before 2.6.0, all versions after 2.6.2 before 2.7.0, all versions after 2.7.0",
          "package_slug": "pypi/tensorflow",
          "pubdate": "2022-02-04",
          "solution": "Upgrade to versions 2.5.3, 2.6.3, 2.7.1 or above.",
          "title": "NULL Pointer Dereference",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-23589",
            "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp",
            "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1",
            "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74",
            "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497",
            "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf"
          ],
          "uuid": "c6c0e29c-1b01-477e-8aaa-ffe0853cf2ff"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.6.2",
                "versionStartIncluding": "2.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:2.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-23589"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-02-10T18:00Z",
      "publishedDate": "2022-02-04T23:15Z"
    }
  }
}

ghsa-9px9-73fg-3fqp

Vulnerability from github

Published

2022-02-09 23:29

Modified

2024-11-07 22:30

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

Null pointer dereference in Grappler's `IsConstant`

Details

Impact

Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file (fixing the first one would trigger the same dereference in the second place):

First, during constant folding, the GraphDef might not have the required nodes for the binary operation:

cc NodeDef* mul_left_child = node_map_->GetNode(node->input(0)); NodeDef* mul_right_child = node_map_->GetNode(node->input(1)); // One child must be constant, and the second must be Conv op. const bool left_child_is_constant = IsReallyConstant(*mul_left_child); const bool right_child_is_constant = IsReallyConstant(*mul_right_child);

If a node is missing, the correposning mul_*child would be null, and the dereference in the subsequent line would be incorrect.

We have a similar issue during IsIdentityConsumingSwitch:

cc NodeDef* input_node = graph.GetNode(tensor_id.node()); return IsSwitch(*input_node);

Patches

We have patched the issue in GitHub commits 0a365c029e437be0349c31f8d4c9926b69fa3fa1 and 045deec1cbdebb27d817008ad5df94d96a08b1bf.

The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.7.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.7.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.7.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23589"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-04T18:50:26Z",
    "nvd_published_at": "2022-02-04T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nUnder certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place):\n\nFirst, during [constant folding](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497), the `GraphDef` might not have the required nodes for the binary operation:\n\n```cc\n  NodeDef* mul_left_child = node_map_-\u003eGetNode(node-\u003einput(0));\n  NodeDef* mul_right_child = node_map_-\u003eGetNode(node-\u003einput(1));\n  // One child must be constant, and the second must be Conv op.\n  const bool left_child_is_constant = IsReallyConstant(*mul_left_child);\n  const bool right_child_is_constant = IsReallyConstant(*mul_right_child);\n```\n\nIf a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect.\n\nWe have a similar issue during [`IsIdentityConsumingSwitch`](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74):\n\n```cc\n  NodeDef* input_node = graph.GetNode(tensor_id.node());\n  return IsSwitch(*input_node);\n```\n\n### Patches\nWe have patched the issue in GitHub commits [0a365c029e437be0349c31f8d4c9926b69fa3fa1](https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1) and [045deec1cbdebb27d817008ad5df94d96a08b1bf](https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf).\n\nThe fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.",
  "id": "GHSA-9px9-73fg-3fqp",
  "modified": "2024-11-07T22:30:48Z",
  "published": "2022-02-09T23:29:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23589"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-98.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-153.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Null pointer dereference in Grappler\u0027s `IsConstant`"
}

pysec-2022-98

Vulnerability from pysec

Published

2022-02-04 23:15

Modified

2022-03-09 00:17

Details

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the GraphDef might not have the required nodes for the binary operation. If a node is missing, the correposning mul_*child would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during IsIdentityConsumingSwitch. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu",
        "purl": "pkg:pypi/tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0a365c029e437be0349c31f8d4c9926b69fa3fa1"
            },
            {
              "fixed": "045deec1cbdebb27d817008ad5df94d96a08b1bf"
            }
          ],
          "repo": "https://github.com/tensorflow/tensorflow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            },
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.15.0",
        "2.1.0",
        "2.1.1",
        "2.1.2",
        "2.1.3",
        "2.1.4",
        "2.2.0",
        "2.2.1",
        "2.2.2",
        "2.2.3",
        "2.3.0",
        "2.3.1",
        "2.3.2",
        "2.3.3",
        "2.3.4",
        "2.4.0",
        "2.4.1",
        "2.4.2",
        "2.4.3",
        "2.4.4",
        "2.5.0",
        "2.5.1",
        "2.5.2",
        "2.6.0",
        "2.6.1",
        "2.6.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23589",
    "GHSA-9px9-73fg-3fqp"
  ],
  "details": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
  "id": "PYSEC-2022-98",
  "modified": "2022-03-09T00:17:36.051133Z",
  "published": "2022-02-04T23:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf"
    }
  ]
}

pysec-2022-153

Vulnerability from pysec

Published

2022-02-04 23:15

Modified

2022-03-09 00:18

Details

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the GraphDef might not have the required nodes for the binary operation. If a node is missing, the correposning mul_*child would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during IsIdentityConsumingSwitch. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu",
        "purl": "pkg:pypi/tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0a365c029e437be0349c31f8d4c9926b69fa3fa1"
            },
            {
              "fixed": "045deec1cbdebb27d817008ad5df94d96a08b1bf"
            }
          ],
          "repo": "https://github.com/tensorflow/tensorflow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            },
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.12.0",
        "0.12.1",
        "1.0.0",
        "1.0.1",
        "1.1.0",
        "1.10.0",
        "1.10.1",
        "1.11.0",
        "1.12.0",
        "1.12.2",
        "1.12.3",
        "1.13.1",
        "1.13.2",
        "1.14.0",
        "1.15.0",
        "1.15.2",
        "1.15.3",
        "1.15.4",
        "1.15.5",
        "1.2.0",
        "1.2.1",
        "1.3.0",
        "1.4.0",
        "1.4.1",
        "1.5.0",
        "1.5.1",
        "1.6.0",
        "1.7.0",
        "1.7.1",
        "1.8.0",
        "1.9.0",
        "2.0.0",
        "2.0.1",
        "2.0.2",
        "2.0.3",
        "2.0.4",
        "2.1.0",
        "2.1.1",
        "2.1.2",
        "2.1.3",
        "2.1.4",
        "2.2.0",
        "2.2.1",
        "2.2.2",
        "2.2.3",
        "2.3.0",
        "2.3.1",
        "2.3.2",
        "2.3.3",
        "2.3.4",
        "2.4.0",
        "2.4.1",
        "2.4.2",
        "2.4.3",
        "2.4.4",
        "2.5.0",
        "2.5.1",
        "2.5.2",
        "2.6.0",
        "2.6.1",
        "2.6.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23589",
    "GHSA-9px9-73fg-3fqp"
  ],
  "details": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
  "id": "PYSEC-2022-153",
  "modified": "2022-03-09T00:18:29.733275Z",
  "published": "2022-02-04T23:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/mutable_graph_view.cc#L59-L74"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L3466-L3497"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/045deec1cbdebb27d817008ad5df94d96a08b1bf"
    }
  ]
}

CVE-2022-23589

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

CVE-2022-23589

Vulnerability from cvelistv5

gsd-2022-23589

Vulnerability from gsd

ghsa-9px9-73fg-3fqp

Vulnerability from github

Impact

Patches

For more information

pysec-2022-98

Vulnerability from pysec

pysec-2022-153

Vulnerability from pysec

Tags

Sightings

Nomenclature