5.9

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-36012

CVE-2022-36012: TensorFlow vulnerable to assertion fail on MLIR empty edge names

Impact

When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes.

// We pre-allocate the array of operands and populate it using the
// `output_name_to_position` and `control_output_to_position` populated
// previously.
SmallVector<Value> ret_vals(func.ret_size() + func.control_ret_size(),
                            Value());
for (const auto& ret_val : func.ret()) {
  auto position = output_name_to_position.find(ret_val.first);
  if (position == output_name_to_position.end())
    return InvalidArgument(
        "Can't import function, returned value references unknown output "
        "argument ",
        ret_val.first);
  ret_vals[position->second] =
      value_manager.GetValueOrCreatePlaceholder(ret_val.second);
}
for (const auto& ret_val : func.control_ret()) {
  auto position = control_output_to_position.find(ret_val.first);
  if (position == control_output_to_position.end())
    return InvalidArgument(
        "Can't import function, returned value references unknown output "
        "argument ",
        ret_val.first);
  Value result = value_manager.GetValueOrCreatePlaceholder(
      (Twine("^") + ret_val.second).str());

ret_val.second cannot be empty. Neither can input.

// Process every node and create a matching MLIR operation
for (const NodeDef& node : nodes) {
  if (node.op().empty()) return InvalidArgument("empty op type");
  OperationState state(unknown_loc, absl::StrCat("tfg.", node.op()));
  // Fetch the inputs, creating placeholder if an input hasn't been visited.
  for (const std::string& input : node.input())
    state.operands.push_back(
        value_manager.GetValueOrCreatePlaceholder(input));

Patches

We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b.

The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-36012

CVE-2022-36012:

5.9

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
tensorflow	pip	< 2.7.2	2.7.2
tensorflow	pip	>= 2.8.0, < 2.8.1	2.8.1
tensorflow	pip	>= 2.9.0, < 2.9.1	2.9.1
tensorflow-cpu	pip	< 2.7.2	2.7.2
tensorflow-cpu	pip	>= 2.8.0, < 2.8.1	2.8.1
tensorflow-cpu	pip	>= 2.9.0, < 2.9.1	2.9.1
tensorflow-gpu	pip	< 2.7.2	2.7.2
tensorflow-gpu	pip	>= 2.8.0, < 2.8.1	2.8.1
tensorflow-gpu	pip	>= 2.9.0, < 2.9.1	2.9.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from missing validation checks for empty edge names in two key areas: 1) When processing function return values (ret) and control returns (control_ret) in ImportGenericFunction, empty ret_val.second values would cause invalid placeholder creation. 2) In ImportNodes, empty node input strings would lead to invalid operations. The patch added explicit checks (ret_val.second.empty() and input.empty()) in these locations, confirming these were the vulnerable code paths. Both functions are in functiondef_import.cc and directly handle the edge name processing that caused the crash.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.9

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-36012: TensorFlow vulnerable to assertion fail on MLIR empty edge names

Impact

Patches

For more information

CVE-2022-36012:

5.9

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

5.9

5.9

Basic Information

Basic Information

Technical Details

CVE-2022-36012: TensorFlow vulnerable to assertion fail on MLIR empty edge names

Impact

Patches

For more information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI