AVID-2026-R1080

Description

Segfault in QuantizedMatMul in TensorFlow (CVE-2022-35973)

Details

TensorFlow is an open source platform for machine learning. If QuantizedMatMul is given nonscalar input for: min_a, max_a, min_b, or max_b It gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Reason for inclusion in AVID: CVE-2022-35973 describes a segfault in TensorFlow’s QuantizedMatMul that can be triggered by invalid input, leading to denial of service. This is a software vulnerability within a core AI framework used to build/run ML models, i.e., a component in the AI software stack. The issue affects TensorFlow and has a patch available, with documented CVE and affected versions, satisfying evidence for a software supply chain vulnerability in AI systems.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v
• https://github.com/tensorflow/tensorflow/commit/aca766ac7693bf29ed0df55ad6bfcc78f35e7f48

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2022-09-16
• Version: 0.3.3
• AVID Entry