Home » Database

AVID-2026-R1077

Description

Segfault in QuantizedInstanceNorm in TensorFlow (CVE-2022-35970)

Details

TensorFlow is an open source platform for machine learning. If QuantizedInstanceNorm is given x_min or x_max tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Reason for inclusion in AVID: The candidate CVE-2022-35970 describes a segfault in TensorFlow’s QuantizedInstanceNorm leading to denial of service, with a documented patch and affected version ranges. TensorFlow is an ML framework used in AI systems, and the issue affects a software component integral to training/serving AI models, i.e., a software supply-chain component. It is a security vulnerability with documented impact, evidence, and remediation guidance.

References

Affected or Relevant Artifacts

  • Developer: tensorflow
  • Deployer: tensorflow
  • Artifact Details:
TypeName
Systemtensorflow

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version3.1
Vector StringCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score5.9
Base Severity🟠 Medium
Attack VectorNETWORK
Attack Complexity🔴 High
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability Impact🔴 High

CWE

IDDescription
CWE-20CWE-20: Improper Input Validation

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2022-09-16
  • Version: 0.3.3
  • AVID Entry