AVID-2026-R0994

Description

Out of bounds read in Tensorflow (CVE-2022-23594)

Details

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered.

Reason for inclusion in AVID: CVE-2022-23594 is a software vulnerability in TensorFlow (an AI framework). It affects the software stack used to build/train/deploy AI systems (GraphDef to MLIR conversion), making it a software supply-chain issue for general-purpose AI systems. It is a CVE-style security vulnerability (out-of-bounds read) with clear impact details, affecting AI software components rather than hardware/firmware alone.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2
• https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2022-02-04
• Version: 0.3.3
• AVID Entry