CVE-2023-25674 – This CVE describes a null pointer dereference v... (How to Fix)

Q: What is the severity of CVE-2023-25674?

CVE-2023-25674 has a CVSS score of 7.5 (HIGH). This CVE describes a null pointer dereference vulnerability in TensorFlow's RandomShuffle operation when XLA (Accelerated Linear Algebra) is enabled. It affects TensorFlow versions prior to 2.12.0 and 2.11.1, potentially causing denial-of-service (DoS) or application crashes. Users running TensorFlow with XLA enabled are primarily at risk.

📋 TL;DR

This CVE describes a null pointer dereference vulnerability in TensorFlow's RandomShuffle operation when XLA (Accelerated Linear Algebra) is enabled. It affects TensorFlow versions prior to 2.12.0 and 2.11.1, potentially causing denial-of-service (DoS) or application crashes. Users running TensorFlow with XLA enabled are primarily at risk.

💻 Affected Systems

Products:

TensorFlow

Versions: Versions prior to 2.12.0 and 2.11.1

Operating Systems: All operating systems supporting TensorFlow

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when XLA (Accelerated Linear Algebra) is enabled; default configurations may not have XLA enabled.

📦 What is this software?

Tensorflow by Google

View all CVEs affecting Tensorflow →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Exploitation could lead to a denial-of-service (DoS) condition, crashing the TensorFlow process and disrupting machine learning workloads, possibly causing data loss or service unavailability.

🟠

Likely Case

Most probable impact is application instability or crashes when using RandomShuffle with XLA, resulting in temporary service interruptions for affected TensorFlow deployments.

🟢

If Mitigated

If proper controls like network segmentation and least privilege are in place, impact is limited to local DoS without remote code execution or data compromise.

🌐 Internet-Facing: MEDIUM, as the vulnerability requires XLA to be enabled and specific operations to be triggered, but internet-facing systems could be targeted for DoS attacks if exposed.

🏢 Internal Only: MEDIUM, as internal systems using TensorFlow with XLA could experience crashes affecting business operations, but exploitation typically requires local or authenticated access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires XLA to be enabled and specific use of RandomShuffle; no public proof-of-concept has been disclosed as of the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: TensorFlow 2.12.0 or 2.11.1

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579

Restart Required: Yes

Instructions:

1. Identify the current TensorFlow version. 2. Upgrade to TensorFlow 2.12.0 or 2.11.1 using pip: 'pip install --upgrade tensorflow==2.12.0' or 'pip install --upgrade tensorflow==2.11.1'. 3. Restart any services or applications using TensorFlow to apply the fix.

🔧 Temporary Workarounds

Disable XLA

all

Disable XLA (Accelerated Linear Algebra) in TensorFlow configurations to mitigate the vulnerability, as it only affects RandomShuffle with XLA enabled.

Set environment variable: export TF_XLA_FLAGS=--tf_xla_auto_jit=0
Or configure TensorFlow to disable XLA in code: tf.config.optimizer.set_jit(False)

🧯 If You Can't Patch

Disable XLA in TensorFlow configurations to prevent exploitation of the vulnerability.
Implement network segmentation and restrict access to TensorFlow services to reduce attack surface.

🔍 How to Verify

Check if Vulnerable:

Check TensorFlow version and XLA status: run 'python -c "import tensorflow as tf; print(tf.__version__); print(tf.config.optimizer.get_jit())"' and verify if version is prior to 2.12.0 or 2.11.1 with XLA enabled.

Check Version:

python -c "import tensorflow as tf; print(tf.__version__)"

Verify Fix Applied:

After patching, run the same command to confirm TensorFlow version is 2.12.0 or 2.11.1 and test RandomShuffle operations with XLA to ensure no crashes occur.

📡 Detection & Monitoring

Log Indicators:

Look for application crash logs or error messages related to TensorFlow RandomShuffle operations, especially with null pointer references or segmentation faults.

Network Indicators:

Monitor for unusual traffic patterns or requests targeting TensorFlow services that could indicate exploitation attempts, though this is less specific.

SIEM Query:

Example query for logs: 'source="tensorflow.log" AND (error OR crash OR "null pointer" OR "RandomShuffle")'

📊 Metadata

CVE ID: CVE-2023-25674

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: March 25, 2023

Last Updated: November 21, 2024

🔗 References

https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa Patch
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579 Patch,Vendor Advisory
https://github.com/tensorflow/tensorflow/commit/728113a3be690facad6ce436660a0bc1858017fa Patch
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-25674, you might also want to check these: