AVID-2026-R0799

Description

Heap OOB read in TFLite (CVE-2021-29606)

Details

TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of Split_V(https://github.com/tensorflow/tensorflow/blob/c59c37e7b2d563967da813fa50fe20b21f4da683/tensorflow/lite/kernels/split_v.cc#L99). If axis_value is not a value between 0 and NumDimensions(input), then the SizeOfDimension function(https://github.com/tensorflow/tensorflow/blob/102b211d892f3abc14f845a72047809b39cc65ab/tensorflow/lite/kernels/kernel_util.h#L148-L150) will access data outside the bounds of the tensor shape array. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2021-29606 describes a heap out-of-bounds read in TensorFlow Lite (Split_V kernel), a software vulnerability in a core AI framework component. TensorFlow/TFLite are widely used in AI model training, deployment, and inference pipelines, making this a software supply-chain issue affecting AI systems. The vulnerability is exploitable via a specially crafted TFLite model (local access, high impact), with public CVE details and a patch timeline, providing clear evidence for AI relevance and security impact.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h4pc-gx2w-f2xv
• https://github.com/tensorflow/tensorflow/commit/ae2daeb45abfe2c6dda539cf8d0d6f653d3ef412

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2021-05-14
• Version: 0.3.3
• AVID Entry