#VU83224 Out-of-bounds read in TensorFlow - CVE-2022-23592

Cybersecurity Help s.r.o.

Published: 2023-11-16

Vulnerability identifier: #VU83224

Vulnerability risk: Low

CVSSv4.0: 2.4 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-23592

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
TensorFlow
Server applications / Other server solutions

Vendor: TensorFlow

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to heap out-of-bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). A remote user can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args` and read contents of memory on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

TensorFlow: 2.7.0 - 2.7.4

External links
https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.cc#L223-L229
https://github.com/tensorflow/tensorflow/commit/c99d98cd189839dcf51aee94e7437b54b31f8abd
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vq36-27g6-p492

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Watson Machine Learning Accelerator on Cloud Pak for Data