Description:
This issue tracks a security fix for CVE-2020-15211, which has been unfixed in TFLite Micro since 2020.
Problem
GetEvalTensor() in TFLite Micro directly indexes tensors[] with attacker-controlled values from the model flatbuffer with no upper bound check. This was fixed in tensorflow/lite/core/subgraph.cc via CVE-2020-15211, but the equivalent fix was never backported to TFLM.
Solution
Add bounds validation for tensor indices read from the model (inputs, outputs, and subgraph references) in MarkAllocationLifetimes(), mirroring the fix already present in tensorflow/lite/core/subgraph.cc.
Return kTfLiteError on violation with descriptive error messages.
Related PR
Status
PR ready for review.
Description:
This issue tracks a security fix for CVE-2020-15211, which has been unfixed in TFLite Micro since 2020.
Problem
GetEvalTensor() in TFLite Micro directly indexes tensors[] with attacker-controlled values from the model flatbuffer with no upper bound check. This was fixed in tensorflow/lite/core/subgraph.cc via CVE-2020-15211, but the equivalent fix was never backported to TFLM.
Solution
Add bounds validation for tensor indices read from the model (inputs, outputs, and subgraph references) in MarkAllocationLifetimes(), mirroring the fix already present in tensorflow/lite/core/subgraph.cc.
Return kTfLiteError on violation with descriptive error messages.
Related PR
Status
PR ready for review.