AVID-2026-R0983

Description

CHECK-failures during Grappler’s IsSimplifiableReshape in Tensorflow (CVE-2022-23581)

Details

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2022-23581 describes a denial-of-service vulnerability in TensorFlow’s Grappler optimizer triggered by crafted SavedModel graphs, affecting TensorFlow (a core AI framework). This concerns software used to build/train/deploy AI systems, i.e., a component of the AI software stack, not hardware-only. The CVE entry provides explicit impact, affected versions, and fixes, offering sufficient evidence for a security vulnerability in the AI software supply chain.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c
• https://github.com/tensorflow/tensorflow/commit/1fb27733f943295d874417630edd3b38b34ce082
• https://github.com/tensorflow/tensorflow/commit/240655511cd3e701155f944a972db71b6c0b1bb6
• https://github.com/tensorflow/tensorflow/commit/ebc1a2ffe5a7573d905e99bd0ee3568ee07c12c1
• https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/grappler/optimizers/constant_folding.cc#L1687-L1742

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2022-02-04
• Version: 0.3.3
• AVID Entry