AVID-2026-R1087

Description

Segfault in RaggedBincount in TensorFlow (CVE-2022-35986)

Details

TensorFlow is an open source platform for machine learning. If RaggedBincount is given an empty input tensor splits, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Reason for inclusion in AVID: CVE-2022-35986 describes a segfault vulnerability in TensorFlow’s RaggedBincount when given an empty input, enabling potential denial-of-service. TensorFlow is a core AI framework, so this is an AI-related vulnerability in a widely used software component. It affects the software supply chain for general-purpose AI systems as a dependency/framework vulnerability, with a patched commit and affected versions documented. The issue is a security/safety vulnerability (DoS via a crash) with explicit evidence (CVSS, patch info, affected versions).

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wr9v-g9vf-c74v
• https://github.com/tensorflow/tensorflow/commit/7a4591fd4f065f4fa903593bc39b2f79530a74b8

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2022-09-16
• Version: 0.3.3
• AVID Entry