CVE-2022-35992 in TensorFlow
Summary
by MITRE • 09/17/2022
TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 10/19/2022
The vulnerability identified as CVE-2022-35992 affects TensorFlow, a widely used open source machine learning platform that serves as the foundation for numerous artificial intelligence applications across industries. This issue resides within the TensorListFromTensor operation which processes tensor data structures for machine learning workflows. The flaw manifests when the operation receives an element_shape parameter with a rank greater than one, creating a critical condition that triggers a CHECK fail mechanism. This defensive programming check is designed to catch invalid inputs but in this case becomes exploitable as a denial of service vector that can disrupt TensorFlow operations and potentially halt machine learning processes that depend on the affected functionality.
The technical implementation of this vulnerability stems from inadequate input validation within the TensorListFromTensor function. When processing tensor data with multidimensional element shapes, the system fails to properly handle cases where the element_shape parameter exceeds a single dimension, leading to a CHECK fail that terminates the process rather than gracefully handling the invalid input. This behavior represents a classic denial of service vulnerability where an attacker can craft malicious input parameters that cause the application to crash or become unresponsive. The vulnerability is categorized under CWE-691 as an Insufficient Control Flow Management, specifically involving improper handling of exceptional conditions during tensor processing operations.
From an operational impact perspective, this vulnerability poses significant risks to organizations relying on TensorFlow for machine learning workloads, particularly in production environments where system availability is critical. The denial of service attack can disrupt training processes, inference operations, and automated machine learning pipelines that depend on tensor list operations. The vulnerability affects multiple TensorFlow versions including 2.7.2, 2.8.1, 2.9.1, and the upcoming 2.10.0 release, indicating a broad impact across the supported version lifecycle. Given that TensorFlow is used extensively in cloud computing platforms, edge devices, and enterprise AI systems, this vulnerability could potentially affect thousands of deployments and applications that utilize tensor list processing functionality.
The mitigation strategy involves applying the patch provided in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee which has been incorporated into TensorFlow 2.10.0 and backported to the supported maintenance releases. Organizations should prioritize upgrading to these patched versions as the affected versions remain in active support. The vulnerability lacks known workarounds, making the immediate application of the security patch essential for maintaining system integrity and availability. This vulnerability aligns with ATT&CK technique T1499.004 for Network Denial of Service and represents a critical security concern that requires immediate attention from system administrators and security teams managing TensorFlow deployments. The fix addresses the root cause by implementing proper input validation and error handling for multidimensional element_shape parameters, ensuring that tensor operations gracefully handle edge cases rather than causing system termination.