CVE-2022-35964 in TensorFlow
Summary
by MITRE • 09/17/2022
TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 10/19/2022
The vulnerability identified as CVE-2022-35964 affects TensorFlow, a widely-used open source machine learning platform that serves as the foundation for numerous artificial intelligence applications across industries. This issue resides within the BlockLSTMGradV2 implementation, which represents a critical component in recurrent neural network architectures commonly employed in natural language processing and time series analysis tasks. The flaw manifests as insufficient input validation mechanisms within the gradient computation process for LSTM blocks, creating a potential attack surface that could be exploited by malicious actors seeking to disrupt system operations.
The technical nature of this vulnerability stems from the inadequate validation of input parameters during the BlockLSTMGradV2 operation execution. When malformed or unexpected input data is processed through this function, the system fails to properly handle the edge cases, leading to a segmentation fault that causes the application to crash. This particular implementation flaw falls under the category of improper input validation as classified by CWE-20, which represents one of the most common software security weaknesses. The segmentation fault occurs during the gradient computation phase of LSTM operations, specifically when TensorFlow attempts to calculate gradients for backpropagation in recurrent neural networks.
From an operational perspective, this vulnerability presents a significant denial of service threat that could impact any system running affected TensorFlow versions. The segfault condition can be reliably triggered through carefully crafted input parameters, making it a predictable and exploitable weakness. Attackers could leverage this vulnerability to disrupt machine learning services, training pipelines, or inference systems that depend on LSTM architectures. The impact extends beyond simple service disruption as it could potentially affect production environments where TensorFlow is used for critical AI workloads, including autonomous systems, recommendation engines, and natural language processing applications. Organizations utilizing TensorFlow in production environments face the risk of service interruptions that could cascade into broader operational impacts.
The security community has addressed this vulnerability through a targeted fix implemented in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. This patch has been incorporated into TensorFlow 2.10.0 and has been cherry-picked for inclusion in older but still supported versions including TensorFlow 2.9.1, 2.8.1, and 2.7.2. The fix demonstrates the maintainers' commitment to addressing security concerns in their widely-deployed software platform. However, organizations should note that there are no known workarounds for this issue, meaning that the only effective mitigation strategy involves applying the official patches or upgrading to supported versions that contain the fix. The vulnerability affects all versions within the supported release cycle, emphasizing the importance of maintaining current software versions and following security update procedures to protect against such threats that could compromise the reliability and availability of machine learning infrastructure.