CVE-2022-35971 in TensorFlow
Summary
by MITRE • 09/17/2022
TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 10/19/2022
The vulnerability identified as CVE-2022-35971 affects TensorFlow, a widely-used open source machine learning platform that serves as the foundation for numerous artificial intelligence applications across industries. This issue resides within the `FakeQuantWithMinMaxVars` operation, which is part of TensorFlow's quantization framework designed to reduce model size and improve inference performance by quantizing floating-point values to lower precision formats. The flaw represents a critical denial of service vulnerability that can be exploited by malicious actors to disrupt TensorFlow-based applications through controlled input manipulation.
The technical implementation of this vulnerability stems from insufficient validation of input tensor dimensions within the `FakeQuantWithMinMaxVars` function. When the operation receives min or max tensors with nonzero rank, the system encounters a CHECK fail condition that terminates execution. This occurs because the function does not properly validate that the min and max parameters are scalar values or tensors of rank zero, allowing attackers to craft malicious inputs that cause the application to crash. The vulnerability specifically manifests when tensor dimensions exceed the expected scalar format, triggering an assertion failure that cannot be gracefully handled by the application.
From an operational perspective, this vulnerability presents significant risks to TensorFlow deployments, particularly in production environments where reliability and availability are paramount. The denial of service condition can be triggered through controlled input manipulation, making it exploitable by attackers who can craft specific tensor inputs to cause application crashes. This affects all versions of TensorFlow within the supported release cycle, including 2.7.2, 2.8.1, 2.9.1, and the upcoming 2.10.0 release. The vulnerability's impact extends beyond simple application crashes to potentially disrupt machine learning workflows, model serving operations, and automated inference pipelines that depend on TensorFlow's quantization capabilities.
The fix implemented in commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0 addresses this issue by adding proper validation checks to ensure that min and max tensors maintain the expected rank zero format before processing. This defensive programming approach prevents the CHECK fail condition from occurring while maintaining backward compatibility for legitimate use cases. The vulnerability aligns with CWE-617, which describes reachable assertion conditions that can be exploited to cause program termination. From an ATT&CK framework perspective, this vulnerability maps to technique T1499.004, specifically focusing on network disruption through service availability attacks, and represents a denial of service vector that can be leveraged to compromise system availability.
Organizations utilizing TensorFlow should prioritize immediate deployment of the patched versions, particularly those running affected releases within the supported range. The cherrypick strategy ensures that older versions receive the fix, maintaining security coverage across the entire supported lifecycle. Given the absence of known workarounds, administrators must plan for version upgrades and implement proper monitoring to detect potential exploitation attempts. The vulnerability demonstrates the importance of input validation in machine learning frameworks, where improper parameter handling can lead to complete system disruption. Security teams should consider this issue as part of broader application security testing, particularly when evaluating TensorFlow integrations in production environments where service availability is critical for business operations.