We use cookies to improve your experience on our site.
AVID-2026-R0944
Description
Out of bounds read in Tensorflow (CVE-2022-21728)
Details
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ReverseSequence does not fully validate the value of batch_dim and can result in a heap OOB read. There is a check to make sure the value of batch_dim does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python’s negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of Dim would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Reason for inclusion in AVID: This candidate corresponds to CVE-2022-21728, an out-of-bounds read in TensorFlow affecting the AI framework used in ML pipelines. It is a software vulnerability in a core AI software stack component (TensorFlow shape inference), with potential security impact (memory read, crash) and high availability/ confidentiality implications. The report provides explicit details, references to NVD and advisories, and commit references documenting the fix, giving sufficient evidence for curation in AI software supply chain vulnerability tracking.
References
- NVD entry
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8
- https://github.com/tensorflow/tensorflow/commit/37c01fb5e25c3d80213060460196406c43d31995
- https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.h#L415-L428
- https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L1636-L1671
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
| Base Score | 8.1 |
| Base Severity | 🔴 High |
| Attack Vector | NETWORK |
| Attack Complexity | 🟢 Low |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | NONE |
| Availability Impact | 🔴 High |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2022-02-03
- Version: 0.3.3
- AVID Entry