AVID-2026-R1079

Description

Segfault in QuantizedBiasAdd in TensorFlow (CVE-2022-35972)

Details

TensorFlow is an open source platform for machine learning. If QuantizedBiasAdd is given min_input, max_input, min_bias, max_bias tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Reason for inclusion in AVID: CVE-2022-35972 describes a segmentation fault in TensorFlow’s QuantizedBiasAdd that can be triggered by certain input tensors, leading to a denial of service. TensorFlow is a core AI/ML framework; vulnerabilities in such software directly impact the software stack used to build, train, deploy, and serve general-purpose AI systems. This is a software supply chain concern (a vulnerability in a dependency/framework), not hardware/firmware-only. The report provides explicit CVE details and a patch commit, giving clear evidence of a security vulnerability with an impact on availability in AI software stacks.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2022-09-16
• Version: 0.3.3
• AVID Entry