PT-2022-26125 · Google · Tensorflow

Thibaut Goetghebuer-Planchon · Published 2022-11-18 · Updated 2024-03-06 · CVE-2022-41894

CVSS v3.1: 7.1 High

Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.11
TensorFlow versions 2.10.1 and earlier
TensorFlow versions 2.9.3 and earlier
TensorFlow versions 2.8.4 and earlier

Description

The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator wrongly increments data_ptr when adding the bias to the result. The statement data_ptr += num_channels; should instead be data_ptr += output_num_channels; because when the number of input channels differs from the number of output channels, the wrong result is returned, and a buffer overflow occurs if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values, through the bias of the layer, outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter.

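Added example (not TensorFlow's source and not part of the original advisory): a simplified, bounds-checked C model of the bias loop described above, showing how advancing by the input channel count both corrupts the result and walks past the end of the output buffer. The function names bias_add and run, the shapes and the bias values are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a per-position bias add over an output tensor laid out
 * as outer_size positions x output_num_channels floats. `stride` is how far
 * the write cursor (data_ptr in the advisory) advances after each position.
 * Writes are bounds-checked, so nothing is written out of bounds here; the
 * return value counts element writes that would land past the end of `out`. */
static size_t bias_add(float *out, size_t out_len, const float *bias,
                       size_t outer_size, size_t output_num_channels,
                       size_t stride)
{
    size_t oob = 0, base = 0;              /* base = data_ptr - out */
    for (size_t n = 0; n < outer_size; ++n) {
        for (size_t c = 0; c < output_num_channels; ++c) {
            if (base + c < out_len)
                out[base + c] += bias[c];
            else
                ++oob;                     /* unchecked code would overflow here */
        }
        base += stride;
    }
    return oob;
}

/* Constructed shapes: 4 output positions, 2 output channels, 3 input channels. */
enum { OUTER = 4, OUT_CH = 2, IN_CH = 3 };

/* Applies the bias to a zeroed output buffer with the given stride. Returns the
 * out-of-bounds write count; *wrong gets the number of incorrect elements. */
static size_t run(size_t stride, size_t *wrong)
{
    float out[OUTER * OUT_CH] = {0};
    const float bias[OUT_CH] = {1.0f, 2.0f};
    size_t oob = bias_add(out, OUTER * OUT_CH, bias, OUTER, OUT_CH, stride);
    *wrong = 0;
    for (size_t i = 0; i < OUTER * OUT_CH; ++i)
        if (out[i] != bias[i % OUT_CH]) ++*wrong;
    return oob;
}

int main(void)
{
    size_t wrong;
    size_t oob = run(IN_CH, &wrong);       /* data_ptr += num_channels */
    printf("stride=num_channels:        %zu oob, %zu wrong\n", oob, wrong);
    oob = run(OUT_CH, &wrong);             /* data_ptr += output_num_channels */
    printf("stride=output_num_channels: %zu oob, %zu wrong\n", oob, wrong);
    return 0;
}
```
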
Recommendations

For versions prior to 2.11, update to TensorFlow 2.11 or later.
For versions 2.10.1 and earlier, update to TensorFlow 2.10.1 or later.
For versions 2.9.3 and earlier, update to TensorFlow 2.9.3 or later.
For versions 2.8.4 and earlier, update to TensorFlow 2.8.4 or later.

As a temporary workaround, consider disabling the CONV_3D_TRANSPOSE operator until a patch is available. Restrict access to the reference kernel resolver to minimize the risk of exploitation. Avoid using experimental_op_resolver_type=tf.lite.experimental.OpResolverType.BUILTIN_REF in the interpreter until the issue is resolved.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

AZL-11532
BIT-TENSORFLOW-2022-41894
CVE-2022-41894
GHSA-H6Q3-VV32-2CQ5

Affected Products

Tensorflow