AVID-2026-R1140

Description

Segfault via invalid attributes in pywrap_tfe_src.cc in Tensorflow (CVE-2022-41889)

Details

TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extract_volume_patches by passing in quantized tensors as input ksizes. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: This CVE describes a NULL pointer dereference (segfault) in TensorFlow (an AI framework). TensorFlow is widely used in AI/ML pipelines, so the vulnerability concerns AI software stacks and could impact build/run of general-purpose AI systems. The issue is documented with a patched commit and references, indicating a formal security vulnerability with available remediation, affecting software supply chains (TensorFlow library).

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g
• https://github.com/tensorflow/tensorflow/commit/e9e95553e5411834d215e6770c81a83a3d0866ce
• https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/generate_box_proposals_op.cu.cc

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2022-11-18
• Version: 0.3.3
• AVID Entry