1## TFSA-2020-022: Crash due to invalid shape of `grad_values` in SparseFillEmptyRowsGrad 2 3### CVE Number 4CVE-2020-15194 5 6### Impact 7The `SparseFillEmptyRowsGrad` implementation has [incomplete validation of the 8shapes of its 9arguments](https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L235-L241): 10```cc 11 OP_REQUIRES( 12 context, TensorShapeUtils::IsVector(reverse_index_map_t->shape()), 13 errors::InvalidArgument("reverse_index_map must be a vector, saw: ", 14 reverse_index_map_t->shape().DebugString())); 15 16 const auto reverse_index_map = reverse_index_map_t->vec<int64>(); 17 const auto grad_values = grad_values_t->vec<T>(); 18``` 19 20Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar 21pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, 22malicious users can pass a bad `grad_values_t` to trigger an assertion failure 23in `vec`, causing denial of service in serving installations. 24 25### Vulnerable Versions 26TensorFlow 1.15.0, 1.15.1, 1.15.2, 1.15.3, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 272.2.0, 2.3.0. 28 29### Patches 30We have patched the issue in 31[390611e0d45c5793c7066110af37c8514e6a6c54](https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54) 32and will release a patch release for all affected versions. 33 34We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 352.3.1. 36 37### For more information 38Please consult [our security 39guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for 40more information regarding the security model and how to contact us with issues 41and questions. 42 43### Attribution 44This vulnerability has been discovered through a variant analysis of [a 45vulnerability reported by members of the Aivul Team from Qihoo 46360](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2020-021.md). 47