CVE-2022-23594

8.8 HIGH

📋 TL;DR

This vulnerability in TensorFlow's TFG dialect allows attackers to cause crashes or potentially execute arbitrary code by manipulating SavedModel files on disk. When these malicious files are processed during MLIR conversion, they can trigger heap out-of-bounds reads/writes. Anyone using TensorFlow with TFG dialect conversion is affected.

💻 Affected Systems

Products:
  • TensorFlow
Versions: TensorFlow versions before 2.11.0
Operating Systems: All platforms running TensorFlow
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using TFG dialect conversion with SavedModel files

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Application crashes causing denial of service and potential data corruption

🟢 If Mitigated: Controlled crashes with minimal impact if proper input validation and isolation are in place

🌐 Internet-Facing: MEDIUM - Requires attackers to upload malicious SavedModel files to vulnerable endpoints
🏢 Internal Only: LOW - Requires local file system access or internal user compromise

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to modify SavedModel files on disk and trigger MLIR conversion

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: TensorFlow 2.11.0 and later

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2

Restart Required: Yes

Instructions:

1. Update TensorFlow to version 2.11.0 or later using pip: pip install --upgrade tensorflow
2. Restart all TensorFlow services and applications

🔧 Temporary Workarounds

Input validation for SavedModel files (all platforms)

Implement strict validation of SavedModel files before processing

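Restrict file system access (Linux)

Limit write access to directories containing SavedModel files

# Give the whole model tree to root so service accounts cannot change its permissions
chown -R root:root /path/to/savedmodels/
# Owner read/write, everyone else read-only; capital X keeps directories traversable
chmod -R u=rwX,go=rX /path/to/savedmodels/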

🧯 If You Can't Patch

  • Isolate TensorFlow services in containers with minimal privileges
  • Implement strict access controls on SavedModel directories and monitor for unauthorized modifications
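
One way to implement the "monitor for unauthorized modifications" item above, as an added example that is not part of the original page or of TensorFlow's own tooling: record a SHA-256 manifest of a SavedModel directory at a known-good point and compare it before the model is processed. The function names and the sample directory tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(model_dir):
    """Map each file's path (relative to model_dir) to its SHA-256 digest."""
    root = Path(model_dir)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_manifest(model_dir, trusted):
    """Return sorted findings; an empty list means the tree matches the manifest."""
    current = build_manifest(model_dir)
    findings = []
    for rel in sorted(set(trusted) | set(current)):
        if rel not in current:
            findings.append(("missing", rel))
        elif rel not in trusted:
            findings.append(("unexpected", rel))
        elif current[rel] != trusted[rel]:
            findings.append(("modified", rel))
    return findings


def demo():
    """Constructed SavedModel-shaped tree: record, tamper, then re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        model = Path(tmp, "model")
        (model / "variables").mkdir(parents=True)
        (model / "saved_model.pb").write_bytes(b"constructed graph bytes")
        (model / "variables" / "variables.index").write_bytes(b"constructed index")
        trusted = build_manifest(model)  # store this outside the model tree
        clean = verify_manifest(model, trusted)
        # Simulated on-disk changes: one file altered, one removed, one added
        (model / "saved_model.pb").write_bytes(b"tampered graph bytes")
        (model / "variables" / "variables.index").unlink()
        (model / "extra.pb").write_bytes(b"dropped file")
        return clean, verify_manifest(model, trusted)


if __name__ == "__main__":
    print(demo())
```

Keep the trusted manifest somewhere the TensorFlow service account cannot write, and refuse to load or convert the model when `verify_manifest` returns any finding.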

🔍 How to Verify

Check if Vulnerable:

Check TensorFlow version: python -c 'import tensorflow as tf; print(tf.__version__)'

Check Version:

python -c 'import tensorflow as tf; print(tf.__version__)'

Verify Fix Applied:

Verify version is 2.11.0 or higher and test SavedModel processing functionality

📡 Detection & Monitoring

Log Indicators:

  • Python interpreter crashes
  • Segmentation faults in TensorFlow processes
  • Unexpected SavedModel file modifications

Network Indicators:

  • Unusual file uploads to TensorFlow endpoints
  • Failed MLIR conversion attempts

SIEM Query:

source="tensorflow" AND (event="crash" OR event="segfault")
