AVID-2026-R0973

Description

Reachable Assertion in Tensorflow (CVE-2022-23571)

Details

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2022-23571 describes a reachable assertion in TensorFlow when decoding a tensor from protobuf, leading to denial of service. This is a software vulnerability in a core ML framework (TensorFlow) that is widely used to build, train, deploy, and run AI systems. As such, it directly concerns AI software stacks and their supply chain (dependencies and runtimes used in model serving/training pipelines). The report provides CVE details, affected versions, impact, and references to fixes, giving sufficient evidence for inclusion.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j3mj-fhpq-qqjj
• https://github.com/tensorflow/tensorflow/commit/5b491cd5e41ad63735161cec9c2a568172c8b6a3

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2022-02-04
• Version: 0.3.3
• AVID Entry