CVE-2022-41911 is a recently discovered vulnerability affecting the TensorFlow library, an open-source platform for machine learning designed by Google. This vulnerability involves a problematic conversion from char variable to bool type when printing a tensor. In particular, the conversion will lead to undefined behavior if the char variable holds a value other than or 1. This issue is critical because sanitizers and fuzzers can crash, leading to instability with potential security implications.
Exploit Details
When using TensorFlow to print a tensor, the program retrieves the data as a const char* array. This array represents the underlying storage of the tensor. The problem arises when this const char* array is typecast to the element type, which in this case is a bool. This typecasting is deemed undefined if the char value falls outside or 1. Consequently, the inappropriate conversion forces the sanitizers and fuzzers to crash.
A code snippet demonstrating the issue is provided below
#include "tensorflow/core/framework/tensor.h"
#include "tensorflow/core/framework/types.h"
int main() {
tensorflow::Tensor tensor(tensorflow::DT_BOOL, tensorflow::TensorShape({1}));
tensor.flat<tensorflow::bool>().setConstant(2);
std::cout << tensor << std::endl;
return ;
}
By setting the tensor constant to 2, this code snippet demonstrates that the char-to-bool conversion crashes when the input value deviates from and 1.
Resolution
The TensorFlow development team has patched this issue in the GitHub commit 1be74370327. This fix addresses the problematic conversion by ensuring that values outside the -1 range are properly checked and sanitized before any typecasting occurs. The fix will be included in the upcoming TensorFlow version 2.11..
In addition to implementing the fix in TensorFlow 2.11., the development team will also cherrypick the commit to patch older and still-supported versions of TensorFlow. The affected versions include 2.10.1, 2.9.3, and 2.8.4.
References
1. TensorFlow GitHub Repository - Commit 1be74370327
2. TensorFlow Official Website
3. Common Vulnerabilities and Exposures (CVE) Database
Conclusion
CVE-2022-41911 highlights the importance of proper data handling and type conversion in complex software libraries like TensorFlow. By addressing this issue swiftly, the TensorFlow development team demonstrates a strong commitment to the security and stability of its open-source platform. As a user or developer reliant on TensorFlow, it is crucial to stay informed about potential vulnerabilities and update your software to the latest version to minimize risk.
Timeline
Published on: 11/18/2022 22:15:00 UTC
Last modified on: 11/23/2022 16:41:00 UTC