CVE-2023-25672

7.5 HIGH

📋 TL;DR

This vulnerability in TensorFlow's LookupTableImportV2 function causes a Null Pointer Exception (NPE) when scalar values are passed, potentially leading to denial of service. It affects TensorFlow users who utilize this specific function in their machine learning workflows. The vulnerability could crash TensorFlow processes when exploited.

💻 Affected Systems

Products:
  • TensorFlow
Versions: TensorFlow versions before 2.12.0, other than 2.11.1 (which carries the fix)
Operating Systems: All operating systems running TensorFlow
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects code using tf.raw_ops.LookupTableImportV2 function with scalar inputs.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete denial of service causing TensorFlow applications to crash, disrupting machine learning inference or training pipelines.

🟠 Likely Case: Application crashes or unexpected termination when LookupTableImportV2 is called with scalar inputs, requiring a process restart.

🟢 If Mitigated: Minimal impact if proper input validation is implemented or the vulnerable function is not used.

🌐 Internet-Facing: MEDIUM - Exploitable if TensorFlow services are exposed with user-controlled inputs to LookupTableImportV2.
🏢 Internal Only: LOW - Requires specific API usage patterns and user-controlled input to trigger.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires calling the vulnerable function with scalar inputs, which may require specific application logic.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: TensorFlow 2.12.0 or 2.11.1

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r

Restart Required: Yes

Instructions:

1. Update TensorFlow using pip: 'pip install --upgrade tensorflow==2.12.0' or 'pip install --upgrade tensorflow==2.11.1'.
2. Restart all TensorFlow applications and services.

🔧 Temporary Workarounds

Input Validation

Add validation so that LookupTableImportV2 is never called with scalar (rank-0) inputs:

# Python code example:
import tensorflow as tf

# Before calling LookupTableImportV2, reject scalar (rank-0) keys or values.
def safe_lookup_table_import(table_handle, keys, values):
    # Convert first so plain Python lists and NumPy arrays also get a TensorShape
    keys = tf.convert_to_tensor(keys)
    values = tf.convert_to_tensor(values)
    if values.shape.rank == 0 or keys.shape.rank == 0:  # scalar check
        raise ValueError('Scalar keys/values not supported for LookupTableImportV2')
    return tf.raw_ops.LookupTableImportV2(table_handle=table_handle, keys=keys, values=values)

🧯 If You Can't Patch

  • Implement input validation to prevent scalar values from reaching LookupTableImportV2
  • Monitor for application crashes and implement automatic restart mechanisms

🔍 How to Verify

Check if Vulnerable:

Check the TensorFlow version: 'python -c "import tensorflow as tf; print(tf.__version__)"' - if the version is below 2.12.0 and is not 2.11.1, you are vulnerable.
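The version rule above, encoded as a small checker that can be dropped into an inventory or CI script. This is an added example, not code from the advisory or from TensorFlow; it treats pre-release builds (rc/dev suffixes) as older than the corresponding final release, which is a conservative assumption of this example.

```python
import re

# Fixed releases named in the advisory. Anything below 2.12.0 is affected,
# except the 2.11.1 backport. A fourth tuple element marks final (1) versus
# pre-release (0) builds so that e.g. 2.12.0rc0 sorts before 2.12.0.
FIXED_MINIMUM = (2, 12, 0, 1)
FIXED_BACKPORT = (2, 11, 1, 1)

def parse_version(version):
    """Return (major, minor, patch, final) from a TensorFlow version string.

    Suffixes such as 'rc0' or '-dev20230301' mark a pre-release (final=0);
    a local label like '+cpu' still counts as the final release.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(.*)$", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, suffix = m.groups()
    suffix = suffix.strip()
    final = 0 if suffix and not suffix.startswith("+") else 1
    return (int(major), int(minor), int(patch or 0), final)

def is_vulnerable(version):
    """True if this TensorFlow version is affected by CVE-2023-25672."""
    v = parse_version(version)
    if v == FIXED_BACKPORT:
        return False
    return v < FIXED_MINIMUM

def check_installed():
    """Report on the TensorFlow importable in this environment, or None."""
    try:
        import tensorflow as tf
    except ImportError:
        return None
    return (tf.__version__, is_vulnerable(tf.__version__))

if __name__ == "__main__":
    result = check_installed()
    if result is None:
        print("TensorFlow is not installed")
    else:
        version, vulnerable = result
        print(f"TensorFlow {version}: {'VULNERABLE' if vulnerable else 'fixed'}")
```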

Check Version:

python -c "import tensorflow as tf; print('TensorFlow version:', tf.__version__)"

Verify Fix Applied:

After update, verify version is 2.12.0 or 2.11.1 and test LookupTableImportV2 with scalar inputs to ensure no NPE occurs.

📡 Detection & Monitoring

Log Indicators:

  • Null Pointer Exception (NPE) errors in TensorFlow logs
  • Application crashes when using LookupTableImportV2

Network Indicators:

  • Unusual termination of TensorFlow services

SIEM Query:

source="tensorflow.logs" AND ("NullPointerException" OR "NPE" OR ("LookupTableImportV2" AND "crash"))
