Description Preview
This CVE describes a vulnerability in TensorFlow where the TFG dialect’s assumptions about the incoming GraphDef can be invalidated if an attacker alters the SavedModel on disk. When the modified SavedModel is loaded and the GraphDef is converted to the MLIR-based IR, this can lead to a crash in the Python interpreter and, under certain scenarios, heap-based out-of-bounds reads or writes. The issue was discovered via fuzzing, and TensorFlow notes that additional weaknesses may exist and will be patched as discovered. The affected range is TensorFlow versions >= 2.7.0 and < 2.8.0, with a high-severity impact across confidentiality, integrity, and availability, and an attacker requiring local access with low privileges and no user interaction.
Overview
TensorFlow contains a high-severity, local vulnerability (CVE-2022-23594) in which tampering with a SavedModel can invalidate GraphDef assumptions that are used when converting to the MLIR-based IR. If the GraphDef is converted under these compromised conditions, the Python interpreter can crash, and heap out-of-bounds reads or writes may occur. The vulnerability affects TensorFlow 2.7.0 through versions prior to 2.8.0. The attack is low in complexity and does not require user interaction, though it necessitates local access and low privileges. The issue was found via fuzzing, and the project has indicated that additional weaknesses could exist and will be patched as they are discovered.
Remediation
- Upgrade TensorFlow to version 2.8.0 or newer (the fixed release for this issue).
- If upgrading immediately is not feasible, apply any available security patches or backports from TensorFlow and monitor for advisories related to CVE-2022-23594.
- Enforce integrity checks on SavedModel artifacts before loading (e.g., checksums, digital signatures) and limit the ability to modify SavedModels in production environments.
- Restrict access to the directory containing SavedModel data to trusted principals; use least-privilege principles and strong access controls to prevent unauthorized tampering.
- Validate inputs and configurations during model loading and GraphDef/MLIR conversion paths; consider enabling additional runtime or memory-safety hardening and fuzz-testing in development environments.
- After patching, re-test the model loading and conversion workflow to confirm that the vulnerability is mitigated and that no regressions were introduced.
References
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- ManufacturingManufacturing: Low
- Finance and InsuranceFinance and Insurance: Low
- Management of Companies & EnterprisesManagement of Companies & Enterprises: Low
- Retail TradeRetail Trade: Low
- Accommodation & Food ServicesAccommodation & Food Services: Low
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services: Low
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting: Low
- Arts, Entertainment & RecreationArts, Entertainment & Recreation: Low
- ConstructionConstruction: Low
- Educational ServicesEducational Services: Low
- Health Care & Social AssistanceHealth Care & Social Assistance: Low
- InformationInformation: Low
- MiningMining: Low
- Other Services (except Public Administration)Other Services (except Public Administration): Low
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services: Low
- Public AdministrationPublic Administration: Low
- Real Estate Rental & LeasingReal Estate Rental & Leasing: Low
- Transportation & WarehousingTransportation & Warehousing: Low
- UtilitiesUtilities: Low
- Wholesale TradeWholesale Trade: Low
