CVE-2022-35959 in TensorFlow
Summary
by MITRE • 09/17/2022
TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 10/19/2022
The vulnerability CVE-2022-35959 resides within TensorFlow's AvgPool3DGradOp implementation, representing a critical security flaw that can be exploited to execute denial of service attacks. This issue specifically targets the input validation mechanism for the `orig_input_shape` parameter, which fails to properly validate the dimensional constraints of three-dimensional pooling operations. The vulnerability manifests when malicious input parameters are provided to the AvgPool3DGradOp function, creating conditions that lead to integer overflow scenarios within the computational pipeline.
The technical exploitation of this vulnerability occurs through a CHECK failure mechanism that is designed to detect invalid program states during execution. When the `orig_input_shape` parameter exceeds acceptable bounds, the validation logic fails to properly constrain the input values, resulting in an arithmetic overflow that triggers a CHECK assertion failure. This failure causes the TensorFlow runtime to terminate abruptly, effectively rendering the service unavailable to legitimate users. The vulnerability is particularly concerning because it operates at the core computational layer of machine learning frameworks, where such failures can cascade across entire inference pipelines and model serving systems.
From a cybersecurity perspective, this vulnerability aligns with CWE-191, which describes integer underflow or overflow conditions, and represents a classic example of how insufficient input validation can lead to denial of service scenarios. The attack vector requires an adversary to submit specifically crafted input parameters to the AvgPool3DGradOp function, making this a targeted vulnerability rather than a widespread exploit. However, the impact remains severe as it can be triggered through legitimate API interactions, making it particularly dangerous in production environments where TensorFlow serves as a core component of machine learning infrastructure.
The operational impact of this vulnerability extends beyond simple service disruption to encompass potential business continuity risks for organizations relying on TensorFlow-based machine learning platforms. Systems that process large volumes of inference requests may experience cascading failures when this vulnerability is exploited, leading to extended downtime and potential loss of service availability. The vulnerability affects multiple TensorFlow versions including 2.7.2, 2.8.1, 2.9.1, and the affected versions require immediate patching to prevent exploitation. Organizations using TensorFlow in production environments must prioritize this update as part of their vulnerability management processes.
The mitigation strategy for CVE-2022-35959 involves applying the patched commit 9178ac9d6389bdc54638ab913ea0e419234d14eb which introduces proper input validation for the `orig_input_shape` parameter. This fix implements comprehensive bounds checking that prevents the integer overflow conditions leading to CHECK failures. The patch has been integrated into TensorFlow 2.10.0 and backported to older supported versions, ensuring that organizations can select the appropriate version based on their compatibility requirements. Security teams should implement immediate deployment of these patches across all affected systems, particularly in environments where TensorFlow serves as a critical component of machine learning workloads. The vulnerability does not have any known workarounds, making the patch deployment the sole effective mitigation strategy. Organizations should also consider implementing monitoring solutions to detect potential exploitation attempts targeting this specific vulnerability within their TensorFlow-based infrastructure.