SB2022020239 - Multiple vulnerabilities in TensorFlow
Published: February 2, 2022 Updated: May 4, 2026
Description
This security bulletin contains information about 31 vulnerabilities.
1) Input validation error (CVE-ID: CVE-2022-23594)
The vulnerability allows a local user to cause a denial of service or perform out-of-bounds memory access.
The vulnerability exists due to improper input validation in the TFG dialect GraphDef-to-MLIR conversion logic when converting a modified SavedModel GraphDef to MLIR-based IR. A local user can alter the SavedModel format on disk to cause a denial of service or perform out-of-bounds memory access.
Under certain scenarios, heap out-of-bounds read and write operations are possible.
2) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2022-23590)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper error handling in GraphDef processing when loading a maliciously altered SavedModel. A remote attacker can supply a specially crafted GraphDef to cause a denial of service.
3) Uncontrolled Recursion (CVE-ID: CVE-2022-23591)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled recursion in GraphDef when loading a SavedModel containing a self-recursive function. A remote attacker can supply a crafted SavedModel to cause a denial of service.
The issue is triggered during execution while resolving NodeDef entries for the recursive function.
4) NULL pointer dereference (CVE-ID: CVE-2022-23589)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a null pointer dereference in Grappler's IsConstant constant folding logic and IsIdentityConsumingSwitch when processing a maliciously altered SavedModel file. A remote attacker can supply a specially crafted SavedModel file to cause a denial of service.
5) Uncaught Exception (CVE-ID: CVE-2022-23582)
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to improper handling of partial or overflowing tensor shapes in TensorByteSize when processing an altered SavedModel. A remote user can supply a specially crafted SavedModel to cause a denial of service.
6) Input validation error (CVE-ID: CVE-2022-23579)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in Grappler's SafeToRemoveIdentity when processing an altered SavedModel. A remote attacker can supply a specially crafted SavedModel to cause a denial of service.
7) Input validation error (CVE-ID: CVE-2022-23580)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in shape inference when processing a user-controlled tensor value. A remote attacker can supply a crafted tensor with a large dimension value to cause a denial of service.
8) NULL pointer dereference (CVE-ID: CVE-2022-23577)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a null pointer dereference in GetInitOp when loading a maliciously altered SavedModel from disk. A local user can modify the SavedModel protobuf on disk to cause a denial of service.
9) Integer overflow (CVE-ID: CVE-2022-23576)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to integer overflow in OpLevelCostEstimator::CalculateOutputSize when processing an operation involving tensors with a large number of elements. A remote attacker can create an operation with sufficiently large tensor dimensions to cause a denial of service.
10) Integer overflow (CVE-ID: CVE-2022-23575)
The vulnerability allows a remote attacker to cause an integer overflow.
The vulnerability exists due to integer overflow in OpLevelCostEstimator::CalculateTensorSize when calculating the size of a tensor with a large enough number of elements. A remote attacker can create an operation involving a tensor with a sufficiently large element count to cause an integer overflow.
11) Input validation error (CVE-ID: CVE-2022-23564)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in resource handle tensor decoding when parsing protobuf input. A remote attacker can supply user-controlled arguments to trigger a failed CHECK assertion and cause a denial of service.
12) Out-of-bounds write (CVE-ID: CVE-2022-23561)
The vulnerability allows a remote attacker to perform an arbitrary write.
The vulnerability exists due to an out-of-bounds write in TFLite when parsing a crafted TFLite model. A remote attacker can supply a specially crafted model to perform an arbitrary write.
Under certain conditions, the issue can overwrite the linked list used by the memory allocator.
13) Integer overflow (CVE-ID: CVE-2022-23558)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to integer overflow in TfLiteIntArrayCreate when parsing a crafted TFLite model. A remote attacker can supply a specially crafted model to cause a denial of service.
14) Division by zero (CVE-ID: CVE-2022-21741)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to division by zero in the depthwise convolution implementation in TFLite when parsing a crafted TFLite model. A remote attacker can supply a specially crafted model to cause a denial of service.
15) Heap-based buffer overflow (CVE-ID: CVE-2022-21740)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a heap-based buffer overflow in SparseCountSparseOutput when parsing user-supplied input to the operation. A local user can supply crafted indices and length values to cause a denial of service.
16) NULL pointer dereference (CVE-ID: CVE-2022-21739)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a reference binding to a null pointer in the QuantizedMaxPool operation when processing user-supplied input tensors. A remote attacker can supply crafted arguments to trigger a crash and cause a denial of service.
17) Input validation error (CVE-ID: CVE-2022-21736)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in SparseTensorSliceDataset when processing user-supplied sparse tensor arguments. A local user can provide crafted indices, values, and dense_shape inputs to cause a denial of service.
The issue can result in dereferencing a nullptr value under certain conditions.
18) Input validation error (CVE-ID: CVE-2022-23569)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in tensor shape handling when building invalid or overflowing tensor shapes. A remote attacker can provide crafted shape values to trigger assertion failures and cause a denial of service.
19) Division by zero (CVE-ID: CVE-2022-21735)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to division by zero in the FractionalMaxPool operation when parsing input. A remote attacker can supply crafted input to trigger a crash and cause a denial of service.
20) Input validation error (CVE-ID: CVE-2022-21734)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in MapStage when processing a non-scalar key tensor. A remote attacker can supply a crafted key tensor to cause a denial of service.
21) Integer overflow (CVE-ID: CVE-2022-23568)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to integer overflow in AddManySparseToTensorsMap when processing user-supplied sparse tensor shapes. A remote attacker can supply crafted input dimensions to trigger an assertion failure and cause a denial of service.
22) Integer overflow (CVE-ID: CVE-2022-23567)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to integer overflow in Sparse*Cwise* ops when processing user-supplied sparse tensor shapes. A remote attacker can supply crafted input dimensions to cause a denial of service.
The issue can trigger excessive memory allocation or assertion failures when constructing new TensorShape objects.
23) Integer overflow (CVE-ID: CVE-2022-21733)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to integer overflow in the StringNGrams operation when processing crafted StringNGrams inputs. A local user can supply a negative pad_width value to trigger an out-of-memory condition and cause a denial of service.
24) Input validation error (CVE-ID: CVE-2022-21732)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in ThreadPoolHandle when processing the num_threads argument. A local user can supply an excessively large num_threads value to cause a denial of service.
25) Type Confusion (CVE-ID: CVE-2022-21731)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to type confusion in ConcatV2 shape inference when processing a crafted axis argument. A remote attacker can supply a specially crafted input to trigger a segmentation fault and cause a denial of service.
26) Integer overflow (CVE-ID: CVE-2022-21729)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to integer overflow leading to division by zero in UnravelIndex when processing crafted indices and dims values. A local user can supply crafted input to trigger a crash and cause a denial of service.
27) Out-of-bounds read (CVE-ID: CVE-2022-21730)
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in the FractionalAvgPoolGrad operation when parsing invalid input tensors. A remote attacker can supply crafted tensor values to disclose sensitive information.
28) Integer overflow (CVE-ID: CVE-2022-21727)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to integer overflow in shape inference for Dequantize when processing a crafted axis attribute. A remote attacker can supply a specially crafted axis value to cause a denial of service.
29) Out-of-bounds read (CVE-ID: CVE-2022-21726)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in the Dequantize operation when parsing a crafted axis value. A remote attacker can supply a specially crafted input to trigger heap out-of-bounds access and cause a denial of service.
30) Out-of-bounds read (CVE-ID: CVE-2022-21728)
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in the shape inference for ReverseSequence when processing a ReverseSequence operation with a negative batch_dim value. A remote attacker can supply a specially crafted ReverseSequence operation to disclose sensitive information.
The issue occurs because negative batch_dim values are not fully validated, and excessively negative values can cause access before the start of the dimensions array.
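The incomplete negative-index check described in entry 30, modelled as an added example (not TensorFlow's code and not part of the bulletin). The function names, the single wrap-around step and the sample shape are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed stand-in for a tensor shape: one extent per dimension.
using Dims = std::vector<int64_t>;

// Flawed pattern (assumed for illustration): the upper bound is checked and a
// negative index is wrapped once by adding the rank, but the result is never
// re-checked against zero. The array access itself is left out so the example
// stays free of undefined behaviour; *index is what a caller would use.
bool ResolveWrapOnce(const Dims& dims, int64_t batch_dim, int64_t* index) {
  const int64_t rank = static_cast<int64_t>(dims.size());
  if (batch_dim >= rank) return false;
  if (batch_dim < 0) batch_dim += rank;
  *index = batch_dim;  // still negative when batch_dim was below -rank
  return true;
}

// Hardened form: accept only [-rank, rank), then map negatives to [0, rank).
bool ResolveValidated(const Dims& dims, int64_t batch_dim, int64_t* index) {
  const int64_t rank = static_cast<int64_t>(dims.size());
  if (batch_dim < -rank || batch_dim >= rank) return false;
  *index = batch_dim < 0 ? batch_dim + rank : batch_dim;
  return true;
}

// Bounds-safe lookup built on the validated index.
bool BatchExtent(const Dims& dims, int64_t batch_dim, int64_t* extent) {
  int64_t index = 0;
  if (!ResolveValidated(dims, batch_dim, &index)) return false;
  *extent = dims[static_cast<size_t>(index)];
  return true;
}

int main() {
  const Dims dims{4, 5, 6};  // constructed sample shape, rank 3
  const int64_t samples[] = {-1, -3, -10, 3};
  for (int64_t batch_dim : samples) {
    int64_t flawed = 0, extent = 0;
    const bool accepted = ResolveWrapOnce(dims, batch_dim, &flawed);
    const bool valid = BatchExtent(dims, batch_dim, &extent);
    std::printf("batch_dim=%lld flawed: %s index=%lld | validated: %s\n",
                static_cast<long long>(batch_dim),
                accepted ? "accepted" : "rejected",
                static_cast<long long>(accepted ? flawed : 0),
                valid ? "accepted" : "rejected");
  }
  return 0;
}
```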
31) Input validation error (CVE-ID: CVE-2022-21725)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the convolution cost estimator when processing convolution operators with a zero stride value. A remote attacker can supply crafted input that sets the stride to zero to cause a denial of service.
Remediation
Install the update from the vendor's website.
References
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2
- https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278
- https://github.com/tensorflow/tensorflow/commit/955059813cc325dc1db5e2daa6221271406d4439
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7
- https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9px9-73fg-3fqp
- https://github.com/tensorflow/tensorflow/commit/0a365c029e437be0349c31f8d4c9926b69fa3fa1
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v
- https://github.com/tensorflow/tensorflow/commit/c2426bba00a01de6913738df8fa78e0215fcce02
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr
- https://github.com/tensorflow/tensorflow/commit/92dba16749fae36c246bec3f9ba474d9ddeb7662
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7
- https://github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8cxv-76p7-jxwr
- https://github.com/tensorflow/tensorflow/commit/4f38b1ac8e42727e18a2f0bde06d3bee8e77b250
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wm93-f238-7v37
- https://github.com/tensorflow/tensorflow/commit/b9bd6cfd1c50e6807846af9a86f9b83cafc9c8ae
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c94w-c95p-phf8
- https://github.com/tensorflow/tensorflow/commit/fcd18ce3101f245b083b30655c27b239dc72221e
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3
- https://github.com/tensorflow/tensorflow/commit/14fea662350e7c26eb5fe1be2ac31704e5682ee6
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq
- https://github.com/tensorflow/tensorflow/commit/6c0b2b70eeee588591680f5b7d5d38175fd7cdf6
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3
- https://github.com/tensorflow/tensorflow/commit/a1e1511dde36b3f8aa27a6ec630838e7ea40e091
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj
- https://github.com/tensorflow/tensorflow/commit/e5b0eec199c2d03de54fd6a7fd9275692218e2bc
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r
- https://github.com/tensorflow/tensorflow/commit/2b7100d6cdff36aa21010a82269bc05a6d1cc74a
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5
- https://github.com/tensorflow/tensorflow/commit/53b0dd6dc5957652f35964af16b892ec9af4a559
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9
- https://github.com/tensorflow/tensorflow/commit/965b97e4a9650495cda5a8c210ef6684b4b9eceb
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh
- https://github.com/tensorflow/tensorflow/security/advisory/tfsa-2021-198.md
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj
- https://github.com/tensorflow/tensorflow/commit/ba4e8ac4dc2991e350d5cc407f8598c8d4ee70fb
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm
- https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2
- https://github.com/tensorflow/tensorflow/commit/b51b82fe65ebace4475e3c54eb089c18a4403f1c
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43
- https://github.com/tensorflow/tensorflow/commit/1b54cadd19391b60b6fcccd8d076426f7221d5e8
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-98j8-c9q4-r38g
- https://github.com/tensorflow/tensorflow/commit/f68fdab93fb7f4ddb4eb438c8fe052753c9413e8
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq
- https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353
- https://github.com/tensorflow/tensorflow/commit/08d7b00c0a5a20926363849f611729f53f3ec022
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j
- https://github.com/tensorflow/tensorflow/commit/58b34c6c8250983948b5a781b426f6aa01fd47af
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4
- https://github.com/tensorflow/tensorflow/commit/002408c3696b173863228223d535f9de72a101a9
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw
- https://github.com/tensorflow/tensorflow/commit/b64638ec5ccaa77b7c1eb90958e3d85ce381f91b
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72
- https://github.com/tensorflow/tensorflow/commit/23968a8bf65b009120c43b5ebcceaf52dbc9e943
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8
- https://github.com/tensorflow/tensorflow/commit/37c01fb5e25c3d80213060460196406c43d31995
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f
- https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a