AVID-2026-R1031
Description
Segfault and Out-of-bounds Write due to incomplete validation in TensorFlow (CVE-2022-29208)
Details
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation-fault-based denial of service. In multiple places throughout the code, an index (loc) is computed for a write operation, but the existing validation only checks it against the upper bound of the array. Hence, it is possible to write before the start of the array by massaging the input to generate negative values for loc. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
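The validation gap described above, shown as an added example in C: a simplified model, not TensorFlow's code and not taken from the patch. The helper names, the 2x3 buffer and the sample indices are assumptions made for illustration; only the name loc comes from the advisory text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: flat row-major offset, loc = sum(index[i] * strides[i]).
   Assumes values small enough that the arithmetic cannot overflow. */
static int64_t flat_loc(const int64_t *index, const int64_t *strides, size_t rank) {
    int64_t loc = 0;
    for (size_t i = 0; i < rank; i++) loc += index[i] * strides[i];
    return loc;
}

/* Incomplete validation: a negative loc passes because only the upper bound is tested. */
static bool loc_ok_upper_only(int64_t loc, int64_t n) { return loc < n; }

/* Complete validation: loc must lie in [0, n). */
static bool loc_ok(int64_t loc, int64_t n) { return loc >= 0 && loc < n; }

/* Write value at the computed offset only if it is inside the buffer.
   Returns true when the value was stored, false when the index was rejected. */
static bool store_checked(float *out, int64_t n, const int64_t *index,
                          const int64_t *strides, size_t rank, float value) {
    int64_t loc = flat_loc(index, strides, rank);
    if (!loc_ok(loc, n)) return false;
    out[loc] = value;
    return true;
}

int main(void) {
    /* Constructed sample: a 2x3 output buffer with row-major strides {3, 1}. */
    float out[6] = {0};
    const int64_t strides[2] = {3, 1};
    const int64_t cases[3][2] = {{1, 2}, {2, 0}, {-1, 1}}; /* valid, too large, negative */
    for (int i = 0; i < 3; i++) {
        int64_t loc = flat_loc(cases[i], strides, 2);
        printf("index {%lld,%lld} loc=%lld upper-only=%s full=%s stored=%s\n",
               (long long)cases[i][0], (long long)cases[i][1], (long long)loc,
               loc_ok_upper_only(loc, 6) ? "accept" : "reject",
               loc_ok(loc, 6) ? "accept" : "reject",
               store_checked(out, 6, cases[i], strides, 2, 1.0f) ? "yes" : "no");
    }
    return 0;
}
```

Rejecting each input coordinate that falls outside its own dimension before computing the offset is a stricter check that also keeps the multiplication from overflowing.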
Reason for inclusion in AVID: CVE-2022-29208 concerns TensorFlow, a core AI framework. It describes a software vulnerability (segmentation fault and out-of-bounds write) in tf.raw_ops.EditDistance that affects multiple TensorFlow releases prior to patches. This is clearly a vulnerability in software used to develop and run general-purpose AI systems, located in a dependency/framework commonly leveraged in AI pipelines. The report provides explicit CVE details, affected versions, impact, and references (NVD entry, GitHub release pages, and advisory), supporting its relevance to AI software supply chains.
References
- NVD entry
- https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4
- https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2
- https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1
- https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2r2f-g8mw-9gvr
- https://github.com/tensorflow/tensorflow/commit/30721cf564cb029d34535446d6a5a6357bebc8e7
Affected or Relevant Artifacts
- Developer: tensorflow
- Deployer: tensorflow
- Artifact Details:
| Type | Name |
|---|---|
| System | tensorflow |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| Base Score | 7.1 |
| Base Severity | 🔴 High |
| Attack Vector | LOCAL |
| Attack Complexity | 🟢 Low |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-787 | CWE-787: Out-of-bounds Write |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2022-05-20
- Version: 0.3.3
- AVID Entry