AVID-2026-R1142

Description

Segfault in tf.raw_ops.TensorListConcat in Tensorflow (CVE-2022-41891)

Details

TensorFlow is an open source platform for machine learning. If tf.raw_ops.TensorListConcat is given element_shape=[], it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2022-41891 describes a segfault in TensorFlow (tf.raw_ops.TensorListConcat) that can cause denial of service. This is a vulnerability in a core AI framework used in ML pipelines, affecting TensorFlow versions and deployed environments. It directly impacts software components in the AI stack (dependencies/runtimes) and has a documented patch, satisfying evidence. Therefore, it is relevant to AI-related software supply chain and security.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv
• https://github.com/tensorflow/tensorflow/commit/fc33f3dc4c14051a83eec6535b608abe1d355fde
• https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/list_kernels.h

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2022-11-18
• Version: 0.3.3
• AVID Entry