Upload README.md with huggingface_hub
84e04a4 verified

PoC: Integer Overflow in Arm NN TensorShape::GetNumElements()

Vulnerability

Integer overflow in TensorShape::GetNumElements() in ARM-software/armnn (v26.01 and earlier).

Files

  • poc_overflow.armnn - Malicious Arm NN FlatBuffer model with dims [65536, 65537]
  • poc_armnn_overflow.py - Python script to generate the PoC model

Impact

Heap buffer over-read of ~4GB when loading and running inference on the crafted model.

Details

See the full report for details on the integer overflow in 32-bit unsigned multiplication.
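The wraparound with the dims listed above, next to an overflow-checked element count, as an added example. It is not code from Arm NN or from this PoC repository, and the function names `num_elements_unchecked` and `num_elements_checked` are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Hypothetical helper (not Arm NN code): the element count is accumulated in
// 32-bit unsigned arithmetic, so the product silently wraps modulo 2^32.
uint32_t num_elements_unchecked(const std::vector<uint32_t>& dims) {
    uint32_t count = 1;
    for (uint32_t d : dims) {
        count *= d;
    }
    return count;
}

// Hardened variant: test each multiplication before doing it and reject any
// shape whose element count does not fit in 32 bits.
// Returns false on overflow; *out is written only on success.
bool num_elements_checked(const std::vector<uint32_t>& dims, uint32_t* out) {
    const uint32_t max = std::numeric_limits<uint32_t>::max();
    uint32_t count = 1;
    for (uint32_t d : dims) {
        if (d != 0 && count > max / d) {
            return false;  // count * d would exceed UINT32_MAX
        }
        count *= d;
    }
    *out = count;
    return true;
}

int main() {
    // Dims taken from the README: 65536 * 65537 = 2^32 + 2^16.
    const std::vector<uint32_t> dims = {65536, 65537};
    const uint64_t true_count = static_cast<uint64_t>(dims[0]) * dims[1];
    uint32_t checked = 0;

    std::printf("true element count : %llu\n",
                static_cast<unsigned long long>(true_count));
    std::printf("32-bit product     : %u\n", num_elements_unchecked(dims));
    std::printf("checked variant    : %s\n",
                num_elements_checked(dims, &checked) ? "accepted" : "rejected");
    return 0;
}
```

A loader that applies a check like this when it parses tensor shapes rejects the model before any size derived from the wrapped count is used.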