Vulnerability-Lookup

CNVD-2022-81227

Vulnerability from cnvd - Published: 2022-11-25

Title

Google TensorFlow存在未明漏洞（CNVD-2022-81227）

Description

Google TensorFlow是美国谷歌（Google）公司的一套用于机器学习的端到端开源平台。 Google TensorFlow存在安全漏洞，该漏洞源于`CONV_3D_TRANSPOSE` TensorFlow Lite运算符的参考内核在向结果添加偏差时错误地增加了data_ptr。目前没有详细的漏洞细节提供。

Severity

高

Patch Name

Google TensorFlow存在未明漏洞（CNVD-2022-81227）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5

Reference

https://nvd.nist.gov/vuln/detail/CVE-2022-41894

Impacted products

Name
['Google TensorFlow <2.8.4', 'Google TensorFlow >=2.9.0，<2.9.3', 'Google TensorFlow >=2.10.0，<2.10.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-41894",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-41894"
    }
  },
  "description": "Google TensorFlow\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u673a\u5668\u5b66\u4e60\u7684\u7aef\u5230\u7aef\u5f00\u6e90\u5e73\u53f0\u3002\n\nGoogle TensorFlow\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e`CONV_3D_TRANSPOSE` TensorFlow Lite\u8fd0\u7b97\u7b26\u7684\u53c2\u8003\u5185\u6838\u5728\u5411\u7ed3\u679c\u6dfb\u52a0\u504f\u5dee\u65f6\u9519\u8bef\u5730\u589e\u52a0\u4e86data_ptr\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-81227",
  "openTime": "2022-11-25",
  "patchDescription": "Google TensorFlow\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u673a\u5668\u5b66\u4e60\u7684\u7aef\u5230\u7aef\u5f00\u6e90\u5e73\u53f0\u3002\r\n\r\nGoogle TensorFlow\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e`CONV_3D_TRANSPOSE` TensorFlow Lite\u8fd0\u7b97\u7b26\u7684\u53c2\u8003\u5185\u6838\u5728\u5411\u7ed3\u679c\u6dfb\u52a0\u504f\u5dee\u65f6\u9519\u8bef\u5730\u589e\u52a0\u4e86data_ptr\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google TensorFlow\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-81227\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Google TensorFlow \u003c2.8.4",
      "Google TensorFlow \u003e=2.9.0\uff0c\u003c2.9.3",
      "Google TensorFlow \u003e=2.10.0\uff0c\u003c2.10.1"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-41894",
  "serverity": "\u9ad8",
  "submitTime": "2022-11-23",
  "title": "Google TensorFlow\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-81227\uff09"
}

CVE-2022-41894 (GCVE-0-2022-41894)

Vulnerability from cvelistv5 – Published: 2022-11-18 00:00 – Updated: 2025-04-22 16:04

Title

Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite

Summary

TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/tensorflow/tensorflow/security…
	https://github.com/tensorflow/tensorflow/commit/7…
	https://github.com/tensorflow/tensorflow/blob/091…

Impacted products

	Vendor	Product	Version
	tensorflow	tensorflow	Affected: >= 2.10.0, < 2.10.1 Affected: >= 2.9.0, < 2.9.3 Affected: < 2.8.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:38.376Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/72c0bdcb25305b0b36842d746cc61d72658d2941"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/blob/091e63f0ea33def7ecad661a5ac01dcafbafa90b/tensorflow/lite/kernels/internal/reference/conv3d_transpose.h#L121"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41894",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:40:39.752489Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T16:04:55.192Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tensorflow",
          "vendor": "tensorflow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.10.0, \u003c 2.10.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.9.0, \u003c 2.9.3"
            },
            {
              "status": "affected",
              "version": "\u003c 2.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels \u003e output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-18T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5"
        },
        {
          "url": "https://github.com/tensorflow/tensorflow/commit/72c0bdcb25305b0b36842d746cc61d72658d2941"
        },
        {
          "url": "https://github.com/tensorflow/tensorflow/blob/091e63f0ea33def7ecad661a5ac01dcafbafa90b/tensorflow/lite/kernels/internal/reference/conv3d_transpose.h#L121"
        }
      ],
      "source": {
        "advisory": "GHSA-h6q3-vv32-2cq5",
        "discovery": "UNKNOWN"
      },
      "title": "Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-41894",
    "datePublished": "2022-11-18T00:00:00.000Z",
    "dateReserved": "2022-09-30T00:00:00.000Z",
    "dateUpdated": "2025-04-22T16:04:55.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-81227

CVE-2022-41894 (GCVE-0-2022-41894)

Tags

Sightings

Nomenclature