CVE-2022-23573

7.6 HIGH

📋 TL;DR

This vulnerability in TensorFlow's AssignOp implementation allows uninitialized data to be copied into a new tensor, leading to undefined behavior. It affects users of TensorFlow who perform tensor assignment operations. The issue occurs because the code checks whether the left-hand side tensor is initialized but does not perform the same check on the right-hand side.

💻 Affected Systems

Products:
  • TensorFlow
Versions: TensorFlow 2.5.0 to 2.7.0, and potentially earlier versions
Operating Systems: All platforms running TensorFlow
Default Config Vulnerable: ⚠️ Yes
Notes: All TensorFlow deployments using AssignOp operations are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Memory corruption leading to arbitrary code execution, data leakage, or application crashes.

🟠 Likely Case: Application instability, crashes, or unpredictable behavior during tensor operations.

🟢 If Mitigated: Limited impact if proper input validation and sandboxing are implemented.

🌐 Internet-Facing: MEDIUM - Exploitation requires specific tensor operations but could affect ML inference services.
🏢 Internal Only: MEDIUM - Development and training environments could experience instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting specific tensor operations to trigger the uninitialized data copy.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: TensorFlow 2.8.0, 2.7.1, 2.6.3, 2.5.3

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q85f-69q7-55h2

Restart Required: No

Instructions:

1. Update TensorFlow to a patched version using pip: pip install --upgrade tensorflow==2.8.0
2. Verify the installation with: python -c 'import tensorflow as tf; print(tf.__version__)'

🔧 Temporary Workarounds

Input Validation (all): Implement custom checks to ensure all tensors in assignment operations are properly initialized before use.

🧯 If You Can't Patch

  • Restrict tensor operations to trusted, validated inputs only
  • Implement runtime monitoring for tensor initialization errors

🔍 How to Verify

Check if Vulnerable:

Check the TensorFlow version: python -c 'import tensorflow as tf; print(tf.__version__)' - versions 2.5.0-2.7.0 are vulnerable, except for the backported fix releases 2.5.3 and 2.6.3 listed under Verify Fix Applied.

Check Version:

python -c 'import tensorflow as tf; print(tf.__version__)'

Verify Fix Applied:

Confirm the version is 2.8.0, 2.7.1, 2.6.3, or 2.5.3 using the same command.
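A version check that is aware of the backport branches, so that 2.5.3 and 2.6.3 are reported as patched even though they fall inside the 2.5.0-2.7.0 range; this is an added example, not code from the advisory or the TensorFlow project, and the patched-release table is taken from the Patch Version line above.

```python
import re

# Patched releases named in the advisory, keyed by (major, minor) branch:
# the value is the first patch level on that branch that carries the fix.
PATCHED_BY_BRANCH = {(2, 5): 3, (2, 6): 3, (2, 7): 1}
# 2.8.0 is the first mainline release with the fix; anything later is patched.
FIRST_FIXED_MAINLINE = (2, 8, 0)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")


def parse_version(version: str):
    """Return ((major, minor, patch), is_prerelease).

    A trailing suffix such as '2.8.0rc0' or '2.7.0-dev20211101' marks a
    pre-release build whose fix status cannot be read off the number alone.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised TensorFlow version string: {version!r}")
    triple = tuple(int(x) for x in m.groups()[:3])
    return triple, bool(m.group(4))


def assess_version(version: str) -> str:
    """Classify a TensorFlow version string against the advisory's fix list."""
    (major, minor, patch), prerelease = parse_version(version)
    if prerelease:
        return "prerelease-unknown"
    if (major, minor, patch) >= FIRST_FIXED_MAINLINE:
        return "patched"
    branch = (major, minor)
    if branch in PATCHED_BY_BRANCH:
        return "patched" if patch >= PATCHED_BY_BRANCH[branch] else "vulnerable"
    # The advisory names 2.5.0 as the oldest confirmed affected release but
    # says earlier versions are potentially affected, so flag them separately.
    return "possibly-vulnerable"


def assess_installed() -> str:
    """Assess the TensorFlow build importable from this interpreter, if any."""
    try:
        import tensorflow as tf  # noqa: F401 (optional dependency)
    except ImportError:
        return "not-installed"
    return assess_version(tf.__version__)
```

Run assess_installed() from the environment that serves the model to get the same verdict the one-liner above gives, with the branch logic applied for you.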

📡 Detection & Monitoring

Log Indicators:

  • TensorFlow error logs containing 'uninitialized' or 'undefined behavior' messages
  • Application crashes during tensor assignment operations

Network Indicators:

  • Unusual patterns in ML inference request failures

SIEM Query:

source="tensorflow" AND ("uninitialized" OR "assignop" OR "undefined behavior")
