CVE-2022-23587 – Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. (15th Feb 2022)

Preface: The number 2,147,483,647 (or hexadecimal 7FFF,FFFF) is the maximum positive value for a 32-bit signed binary integer.

Background: TensorFlow is an end-to-end open source platform for machine learning. It has a comprehensive, flexible ecosystem of tools, libraries and community resources that lets researchers push the state-of-the-art in ML and developers easily build and deploy ML powered applications. TensorFlow and Scikit-learn, two of the most popular words from the jargon of the Machine Learning world!

Scikit-learn (sklearn) is positioned as a general-purpose machine learning library , but TensorFlow (tf) is positioned as a deep learning library .

For easy to understand on what ways of processing data with machine learning models. See below details.
– Traditional machine learning: use feature engineering to artificially refine and clean the data
– Deep learning: using representation learning, the machine learning model itself refines the data

Vulnerability details: Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior.

Ref: For example: If below setup is customized for agriculture yield analytic and artificial intelligence irrigation system. From design point of view, input not only limit to climatic parameters were considered in predicting the crop yield, the crop yield is influenced by many other input parameters such as irrigation, fertilizer application, pesticide application etc. Since those data will be defined as user input data (crop arguments are user controlled). In this circumstances, if such parameters does not implement maximum data input limit value or verification. As a result, it can trigger an overflow maliciously.

Impact: The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Remedy: Vendor have patched the issue in GitHub commit 0aaaae6eca5a7175a193696383f582f53adab23f.

The fix will be included in TensorFlow 2.8.0. It also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.