Login Sign Up

CVE-2023-25670

7.5 HIGH
Denial of Service

📋 TL;DR

This CVE describes a null pointer dereference vulnerability in TensorFlow's QuantizedMatMulWithBiasAndDequantize operation when MKL (Math Kernel Library) is enabled. It affects TensorFlow installations using MKL acceleration, potentially causing crashes or denial of service. Users running TensorFlow with MKL enabled on affected versions are vulnerable.

💻 Affected Systems

Products:
  • TensorFlow
Versions: All versions before 2.12.0 and 2.11.1
Operating Systems: All operating systems where TensorFlow with MKL is installed
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when MKL (Intel Math Kernel Library) is enabled. Many installations use default configurations without MKL.

📦 What is this software?

Tensorflow by Google

View all CVEs affecting Tensorflow →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Application crash leading to denial of service, potentially disrupting machine learning inference or training pipelines.

🟠

Likely Case

Process termination when the vulnerable operation is called with specific inputs, causing service interruption.

🟢

If Mitigated

Minimal impact if proper error handling and monitoring are in place to restart affected services.

🌐 Internet-Facing: MEDIUM - If exposed APIs use the vulnerable operation, attackers could trigger crashes.
🏢 Internal Only: MEDIUM - Internal ML pipelines could be disrupted, affecting business operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the specific QuantizedMatMulWithBiasAndDequantize operation with MKL enabled.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.12.0 or 2.11.1

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w

Restart Required: Yes

Instructions:

1. Upgrade TensorFlow to version 2.12.0 or 2.11.1 using pip: 'pip install --upgrade tensorflow==2.12.0' 2. Restart all services using TensorFlow.

🔧 Temporary Workarounds

Disable MKL

all

Disable Intel MKL acceleration to avoid the vulnerable code path

export TF_DISABLE_MKL=1
export TF_ENABLE_ONEDNN_OPTS=0

🧯 If You Can't Patch

  • Disable MKL acceleration using environment variables
  • Implement circuit breakers and monitoring to detect and restart crashed services

🔍 How to Verify

Check if Vulnerable:

Check TensorFlow version and MKL status: 'python -c "import tensorflow as tf; print('Version:', tf.__version__); print('MKL enabled:', tf.pywrap_tensorflow.IsMklEnabled())"'

Check Version:

python -c "import tensorflow as tf; print(tf.__version__)"

Verify Fix Applied:

Verify version is 2.12.0 or 2.11.1: 'python -c "import tensorflow as tf; print(tf.__version__)"'

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs from TensorFlow processes
  • Error messages containing 'QuantizedMatMulWithBiasAndDequantize'

Network Indicators:

  • Sudden drop in ML service availability

SIEM Query:

source="tensorflow.log" AND ("segmentation fault" OR "null pointer" OR "QuantizedMatMul")

📊 Metadata

CVE ID: CVE-2023-25670
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
Published: March 25, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-25670, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)
CVE-2023-47003 9.8

A NULL pointer dereference vulnerability in RedisGraph allows attackers to execute arbitrary code or...

Same vulnerability type (CWE-476)