High severity · NVD Advisory · Published Mar 24, 2023 · Updated Feb 19, 2025
TensorFlow has segmentation fault in tfg-translate
CVE-2023-25671
Description
TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | < 2.11.1 | 2.11.1 |
| tensorflow-cpu (PyPI) | < 2.11.1 | 2.11.1 |
Affected products
1- Range: < 2.11.1
Patches
2 commits:
2eedc8f676d2 · tfg-translate needs to call InitMlir
2 files changed · +3 −0
tensorflow/core/ir/importexport/BUILD+1 −0 modified
@@ -219,6 +219,7 @@ tf_cc_binary(
 ":graphdef_export",
 ":graphdef_import",
 ":load_proto",
+ "//tensorflow/compiler/mlir:init_mlir",
 "//tensorflow/core:ops", # Ops need to be registered for import.
 "//tensorflow/core/ir:Dialect",
 "@llvm-project//mlir:IR",
tensorflow/core/ir/importexport/tfg-translate.cc+2 −0 modified@@ -19,6 +19,7 @@ limitations under the License. #include "mlir/Support/LogicalResult.h" // from @llvm-project #include "mlir/Tools/mlir-translate/MlirTranslateMain.h" // from @llvm-project #include "mlir/Tools/mlir-translate/Translation.h" // from @llvm-project +#include "tensorflow/compiler/mlir/init_mlir.h" #include "tensorflow/core/ir/dialect.h" #include "tensorflow/core/ir/importexport/graphdef_export.h" #include "tensorflow/core/ir/importexport/graphdef_import.h" @@ -63,6 +64,7 @@ TranslateFromMLIRRegistration mlir_to_graphdef( int main(int argc, char **argv) { mlir::registerAsmPrinterCLOptions(); + tensorflow::InitMlir y(&argc, &argv); return failed( mlir::mlirTranslateMain(argc, argv, "Graph(Def)<->TFG Translation Tool")); }
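Review bot: The added `tensorflow::InitMlir y(&argc, &argv);` in `main` has a throwaway name and no comment, so nothing tells a maintainer that the object must be constructed before `mlirTranslateMain` runs and must stay alive until it returns. I would write it as `tensorflow::InitMlir init_mlir(&argc, &argv);` with a comment above it such as `// Required process-wide initialization; must outlive mlirTranslateMain (see CVE-2023-25671).`. What InitMlir sets up is declared in init_mlir.h, which this page does not show, so the comment wording should be checked against that header.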
760322a71ac9 · [tfg] Fix out-of-bounds access due to mismatched integer type sizes in ValueMap::Manager::GetValueOrCreatePlaceholder
2 files changed · +72 −10
tensorflow/core/ir/importexport/functiondef_import.cc+20 −10 modified@@ -86,11 +86,11 @@ class ValueMapManager { return ::tensorflow::OkStatus(); } - Value GetValueOrCreatePlaceholder(StringRef full_name) { + tensorflow::StatusOr<Value> GetValueOrCreatePlaceholder(StringRef full_name) { StringRef node_name; StringRef output_name = ""; bool is_control_dep = full_name[0] == '^'; - int output_num = 0; + size_t output_num = 0; if (is_control_dep) full_name = full_name.drop_front(); { size_t colon_sep = full_name.find_first_of(':'); @@ -105,8 +105,16 @@ class ValueMapManager { // NOLINTNEXTLINE: type matching the API taking a reference. unsigned long long value; if (!llvm::getAsUnsignedInteger(output_name.drop_front(colon_sep + 1), - 10, value)) - output_num = value; + 10, value)) { + if (LLVM_LIKELY( + value <= + std::numeric_limits<llvm::SmallVectorSizeType<Value>>::max() - + 1)) + output_num = value; + else + return InvalidArgument("Output index ", value, + " is invalid (too large)"); + } output_name = output_name.take_front(colon_sep); } } @@ -171,8 +179,9 @@ Status ImportNodes(ValueMapManager value_manager, for (const std::string& input : node.input()) { if (input.empty()) return InvalidArgument("Node '", node.name(), "' has an empty input"); - state.operands.push_back( - value_manager.GetValueOrCreatePlaceholder(input)); + TF_ASSIGN_OR_RETURN(Value value, + value_manager.GetValueOrCreatePlaceholder(input)); + state.operands.push_back(value); } // Retrieve the entry in the nodes_map for this node and infer the result // count from what was inferred during the first traversal above. 
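Review bot: The bound added in the `@@ -105` hunk, `value <= std::numeric_limits<llvm::SmallVectorSizeType<Value>>::max() - 1`, only keeps `output_num` representable in the vector's size type; it does not tie the index to the number of results the referenced node can actually have. The code that consumes `output_num` is outside the hunk, but if it grows a per-node vector to `output_num + 1`, an accepted index near the limit still forces a very large allocation from an untrusted GraphDef, so I would validate against the known result count or a documented cap before use. In the same hunk a suffix that `llvm::getAsUnsignedInteger` fails to parse is still silently treated as output 0; with the new `StatusOr` return it could be rejected, e.g. `else return InvalidArgument("Output index in '", full_name, "' is not a number");` (worth confirming that no valid name format relies on the fallback). `full_name[0]` in the `@@ -86` hunk depends on every caller rejecting empty names first, and an early `if (full_name.empty()) return InvalidArgument("empty value name");` would make the function safe on its own. `std::numeric_limits` needs `<limits>`, which is not among the includes visible on this page, and the function body continues outside the hunks shown.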
@@ -470,8 +479,9 @@ Status ImportGenericFunction( return InvalidArgument("Function '", func.signature().name(), "' has empty result name"); } - ret_vals[position->second] = - value_manager.GetValueOrCreatePlaceholder(ret_val.second); + TF_ASSIGN_OR_RETURN( + ret_vals[position->second], + value_manager.GetValueOrCreatePlaceholder(ret_val.second)); } for (const auto& ret_val : func.control_ret()) { auto position = control_output_to_position.find(ret_val.first); @@ -485,8 +495,8 @@ Status ImportGenericFunction( return InvalidArgument("Function '", func.signature().name(), "' has empty control result name"); } - Value result = value_manager.GetValueOrCreatePlaceholder( - (Twine("^") + ret_val.second).str()); + TF_ASSIGN_OR_RETURN(Value result, value_manager.GetValueOrCreatePlaceholder( + (Twine("^") + ret_val.second).str())); if (!result.getType().isa<ControlType>()) return InvalidArgument("failed to map returned value ", ret_val.second, ", isn't a control output");
tensorflow/core/ir/importexport/tests/graphdef_to_mlir/invalid_generic_function_named_edge_index.pbtxt+52 −0 added
@@ -0,0 +1,52 @@
+# RUN: not tfg-translate -graphdef-to-mlir %s 2>&1 | FileCheck %s
+
+# CHECK: Output index 18446744073709551615 is invalid (too large)
+
+library {
+ function {
+ signature {
+ name: "foo"
+ attr {
+ name: "T"
+ type: "type"
+ }
+ }
+ node_def {
+ name: "two"
+ op: "Const"
+ attr {
+ key: "dtype"
+ value {
+ type: DT_INT64
+ }
+ }
+ attr {
+ key: "value"
+ value {
+ tensor {
+ dtype: DT_INT64
+ tensor_shape {}
+ int64_val: 2
+ }
+ }
+ }
+ }
+ node_def {
+ name: "a"
+ op: "Cast"
+ input: "two:output:18446744073709551615"
+ attr {
+ key: "DstT"
+ value {
+ placeholder: "T"
+ }
+ }
+ attr {
+ key: "SrcT"
+ value {
+ type: DT_INT64
+ }
+ }
+ }
+ }
+}
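Review bot: The only index exercised is `18446744073709551615`, far above the new limit, so the accept/reject boundary of the check in functiondef_import.cc is not pinned by this test. I would add a sibling case whose index equals the maximum of `llvm::SmallVectorSizeType<Value>` (expected to produce the same `too large` diagnostic) and one with a non-numeric suffix after the second colon, so a later change to the comparison or to the parse-failure path is caught. A header comment above the `# RUN:` line, such as `# Regression test for CVE-2023-25671: an out-of-range output index must be rejected with an error, not crash.`, would tell readers why the file exists.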
References
5 references:
- github.com/advisories/GHSA-j5w9-hmfh-4cr6 [ghsa] [ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2023-25671 [ghsa] [ADVISORY]
- github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367 [ghsa] [x_refsource_MISC] [WEB]
- github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938 [ghsa] [x_refsource_MISC] [WEB]
- github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6 [ghsa] [x_refsource_CONFIRM] [WEB]