AVID-2026-R0965

Description

Read and Write outside of bounds in TFLite (CVE-2022-23560)

Details

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Users are advised to upgrade as soon as possible.

Reason for inclusion in AVID: CVE-2022-23560 describes out-of-bounds read/write in TensorFlow Lite, a core AI framework component. It enables an attacker to craft a TFLite model that can perform limited reads/writes beyond array bounds, affecting AI model execution. This is a software vulnerability in a component used to deploy AI models, not hardware/firmware-only, and directly impacts the reliability and security of AI software stacks. The advisory, CVSS data, and references provide clear evidence and remediation guidance (upgrade to TF 2.8.0 and cherry-picks). Therefore it constitutes a software supply chain vulnerability relevant to general-purpose AI systems.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v
• https://github.com/tensorflow/tensorflow/commit/6364463d6f5b6254cac3d6aedf999b6a96225038
• https://github.com/tensorflow/tensorflow/blob/ca6f96b62ad84207fbec580404eaa7dd7403a550/tensorflow/lite/kernels/internal/utils/sparsity_format_converter.cc#L252-L293

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2022-02-04
• Version: 0.3.3
• AVID Entry