Miggo Logo

CVE-2022-23581: `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow

6.5

CVSS Score
3.1

Basic Information

EPSS Score
0.62772%
Published
2/7/2022
Updated
11/7/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
tensorflowpip< 2.5.32.5.3
tensorflowpip>= 2.6.0, < 2.6.32.6.3
tensorflow-cpupip< 2.5.32.5.3
tensorflow-cpupip>= 2.6.0, < 2.6.32.6.3
tensorflow-gpupip< 2.5.32.5.3
tensorflow-gpupip>= 2.6.0, < 2.6.32.6.3
tensorflowpip= 2.7.02.7.1
tensorflow-cpupip= 2.7.02.7.1
tensorflow-gpupip= 2.7.02.7.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from two specific CHECK assertions in IsSimplifiableReshape:

  1. CHECK_LE(2, node.input_size()) - Could fail if Reshape node has <2 inputs
  2. CHECK_EQ(1, outputs.size()) - Could fail if shape evaluation produced ≠1 output These were replaced with error returns in the patches (1fb2773 and 2406555). The CWE-617 (Reachable Assertion) classification confirms this pattern. The function's role in processing Reshape operations during optimization makes it a clear attack surface for crafted models.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T** *r*ppl*r optimiz*r in T*nsor*low **n ** us** to **us* * **ni*l o* s*rvi** *y *lt*rin* * `S*v**Mo**l` su** t**t [`IsSimpli*i**l*R*s**p*`](*ttps://*it*u*.*om/t*nsor*low/t*nsor*low/*lo*/****************************************/t*nsor*low/

Reasoning

T** vuln*r**ility st*ms *rom two sp**i*i* ****K *ss*rtions in IsSimpli*i**l*R*s**p*: *. ****K_L*(*, no**.input_siz*()) - *oul* **il i* R*s**p* no** **s <* inputs *. ****K_*Q(*, outputs.siz*()) - *oul* **il i* s**p* *v*lu*tion pro*u*** ≠* output T**s*