Headline
CVE-2022-35963: Fix security vulnerability with FractionalAvgPoolGrad · tensorflow/tensorflow@03a659d
TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input orig_input_tensor_shape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
@@ -12,22 +12,23 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ==============================================================================*/
#define EIGEN_USE_THREADS
#include <algorithm> #include <cmath> #include <random> #include <vector>
#include “tensorflow/core/kernels/fractional_pool_common.h”
#include “third_party/eigen3/unsupported/Eigen/CXX11/Tensor” #include “tensorflow/core/framework/numeric_op.h” #include “tensorflow/core/framework/op_kernel.h” #include “tensorflow/core/kernels/fractional_pool_common.h” #include “tensorflow/core/lib/random/random.h” #include “tensorflow/core/platform/logging.h” #include “tensorflow/core/platform/mutex.h” #include “tensorflow/core/util/guarded_philox_random.h” #include “tensorflow/core/util/overflow.h”
namespace tensorflow { typedef Eigen::ThreadPoolDevice CPUDevice; @@ -241,7 +242,32 @@ class FractionalAvgPoolGradOp : public OpKernel { orig_input_tensor_shape.NumElements() == 4, errors::InvalidArgument(“original input tensor shape must be” “1-dimensional and 4 elements”)); int64_t num_elements = 1; for (int i = 0; i < orig_input_tensor_shape.dims(); i++) { OP_REQUIRES(context, orig_input_tensor_shape.dim_size(i) > 0, errors::InvalidArgument( "orig_input_tensor_shape must be positive, got: ", orig_input_tensor_shape.dim_size(i))); num_elements = MultiplyWithoutOverflow( num_elements, orig_input_tensor_shape.dim_size(i)); OP_REQUIRES( context, num_elements > 0, errors::InvalidArgument( "The total elements specified by orig_input_tensor_shape", " is too large. Encountered overflow after multiplying ", orig_input_tensor_shape.dim_size(i), ", result: ", num_elements)); }
const Tensor& out_backprop = context->input(1); OP_REQUIRES(context, out_backprop.dims() == 4, errors::InvalidArgument(“out_backprop must be 4-dimensional”)); for (int i = 0; i < out_backprop.dims(); i++) { OP_REQUIRES(context, out_backprop.dim_size(i) > 0, errors::InvalidArgument( "out_backprop must be positive for all dimension, got:", out_backprop.dim_size(i))); }
const Tensor& row_seq_tensor = context->input(2); const Tensor& col_seq_tensor = context->input(3);
Related news
### Impact The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. ```python import tensorflow as tf overlapping = True orig_input_tensor_shape = tf.constant(-1879048192, shape=[4], dtype=tf.int64) out_backprop = tf.constant([], shape=[0,0,0,0], dtype=tf.float64) row_pooling_sequence = tf.constant(1, shape=[4], dtype=tf.int64) col_pooling_sequence = tf.constant(1, shape=[4], dtype=tf.int64) tf.raw_ops.FractionalAvgPoolGrad(orig_input_tensor_shape=orig_input_tensor_shape, out_backprop=out_backprop, row_pooling_sequence=row_pooling_sequence, col_pooling_sequence=col_pooling_sequence, overlapping=overlapping) ``` ### Patches We have patched the issue in GitHub commit [03a659d7be9a1154fdf5eeac221e5950fec07dad](https://github.com/tensorflow/tensorflow/commit/03a659d7be9a1154fdf5eeac221e5950fec07dad). The fix will be inc...