AVID-2026-R1141

Description

CHECK fail in BCast overflow in Tensorflow (CVE-2022-41890)

Details

TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2022-41890 describes a TensorFlow vulnerability (BCast::ToShape overflow) that can cause a crash/denial-of-service in AI workloads. TensorFlow is a core AI framework used in general-purpose AI systems (training, serving, pipelines). The issue is in a software dependency used to build/run AI models, with an explicit fix in commits and CVSS indicating exploitation potential. This aligns with AI-related, GP AI supply chain vulnerabilities and provides CVE evidence of a security defect.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475
• https://github.com/tensorflow/tensorflow/commit/8310bf8dd188ff780e7fc53245058215a05bdbe5
• https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/util/bcast.h

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2022-11-18
• Version: 0.3.3
• AVID Entry