CVE-2022-23594

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.8.0 TensorFlow versions prior to 2.7.1

Description The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef is then converted to MLIR-based IR, they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist.

Recommendations For versions prior to 2.8.0, update to TensorFlow 2.8.0 or later. For versions prior to 2.7.1, update to TensorFlow 2.7.1 or later. As a temporary workaround, consider restricting access to the GraphDef conversion process to minimize the risk of exploitation. Avoid using the SavedModel format on disk that can invalidate the assumptions made by the TFG dialect of TensorFlow (MLIR) until the issue is resolved.