Division by zero in TFLite
Description
A division by zero in TensorFlow's depthwise convolution implementation allows an attacker to cause a denial of service via a crafted TFLite model.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A division by zero vulnerability exists in the implementation of depthwise convolutions in TensorFlow Lite (TFLite). The convolution parameters are read from the model file, so they are user-controlled, and they are used in a division when the kernel computes the padding to add before applying the convolution. There was no check that the divisor is strictly positive; the fix adds TF_LITE_ENSURE checks in the kernel's Prepare step requiring dilation_height_factor and dilation_width_factor to be positive. Affected versions are TensorFlow 2.5.0 through 2.5.2, 2.6.0 through 2.6.2, and 2.7.0. The fix is included in TensorFlow 2.8.0 and cherry-picked to 2.7.1, 2.6.3, and 2.5.3 [1].
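The following C++ is an added illustration written for this page, not TensorFlow Lite's own kernel code. It mirrors the Prepare-time flow described above: parameters read from the model feed the output-size and padding arithmetic, and the hardened Prepare range-checks every one of them before any reaches a divisor, in the style of the TF_LITE_ENSURE checks the fix adds. Field names mirror TfLiteDepthwiseConvParams; the SAME/VALID output-size and padding formulas are assumed to follow TFLite's conventions, and the shapes used in main are constructed sample input.

```cpp
// Added example, not TensorFlow Lite code: a Prepare-style validator for the
// user-controlled parameters of a depthwise convolution. Field names mirror
// TfLiteDepthwiseConvParams; output-size/padding formulas follow TFLite's
// SAME/VALID conventions (assumption).
#include <cstdio>

enum class Padding { kSame, kValid };
enum class Status { kOk, kError };

// Op parameters as they arrive from the model file: fully attacker-controlled.
struct DepthwiseConvParams {
  Padding padding;
  int stride_width;
  int stride_height;
  int depth_multiplier;
  int dilation_width_factor;
  int dilation_height_factor;
};

struct Shape4D { int batch, height, width, channels; };

struct Prepared {
  int out_height = 0;
  int out_width = 0;
  int out_channels = 0;
  int pad_height = 0;
  int pad_width = 0;
};

// One spatial dimension of the output. Like a kernel helper, this divides by
// `stride` and scales by `dilation` unchecked: the caller must validate both,
// which is the step the vulnerable Prepare skipped.
static int ComputeOutSize(Padding padding, int image_size, int filter_size,
                          int stride, int dilation) {
  const int effective_filter = (filter_size - 1) * dilation + 1;
  switch (padding) {
    case Padding::kSame:
      return (image_size + stride - 1) / stride;
    case Padding::kValid:
      return (image_size + stride - effective_filter) / stride;
  }
  return 0;
}

// Total padding split evenly; a negative total clamps to zero.
static int ComputePadding(int stride, int dilation, int in_size,
                          int filter_size, int out_size) {
  const int effective_filter = (filter_size - 1) * dilation + 1;
  const int total = (out_size - 1) * stride + effective_filter - in_size;
  return total > 0 ? total / 2 : 0;
}

// Hardened Prepare: every parameter that feeds a divisor or a buffer size is
// range-checked up front, so a crafted model yields an error, not a crash.
Status PrepareDepthwiseConv(const DepthwiseConvParams& p, const Shape4D& input,
                            const Shape4D& filter, Prepared* out) {
  if (p.stride_width <= 0 || p.stride_height <= 0) return Status::kError;
  if (p.dilation_width_factor <= 0 || p.dilation_height_factor <= 0)
    return Status::kError;  // the check this CVE's fix adds
  if (p.depth_multiplier <= 0) return Status::kError;
  if (input.batch <= 0 || input.height <= 0 || input.width <= 0 ||
      input.channels <= 0)
    return Status::kError;
  if (filter.batch != 1 || filter.height <= 0 || filter.width <= 0)
    return Status::kError;  // depthwise filter is [1, H, W, O]
  if (filter.channels != input.channels * p.depth_multiplier)
    return Status::kError;

  Prepared r;
  r.out_height = ComputeOutSize(p.padding, input.height, filter.height,
                                p.stride_height, p.dilation_height_factor);
  r.out_width = ComputeOutSize(p.padding, input.width, filter.width,
                               p.stride_width, p.dilation_width_factor);
  // A filter that does not fit the input under VALID padding gives a
  // non-positive output size; reject it instead of sizing a buffer from it.
  if (r.out_height <= 0 || r.out_width <= 0) return Status::kError;
  r.out_channels = filter.channels;
  r.pad_height = ComputePadding(p.stride_height, p.dilation_height_factor,
                                input.height, filter.height, r.out_height);
  r.pad_width = ComputePadding(p.stride_width, p.dilation_width_factor,
                               input.width, filter.width, r.out_width);
  *out = r;
  return Status::kOk;
}

int main() {
  // Constructed sample shapes: an 8x8x3 input and a 3x3 depthwise filter.
  const Shape4D input{1, 8, 8, 3};
  const Shape4D filter{1, 3, 3, 3};
  Prepared r;
  DepthwiseConvParams benign{Padding::kSame, 1, 1, 1, 1, 1};
  const bool ok = PrepareDepthwiseConv(benign, input, filter, &r) == Status::kOk;
  std::printf("benign model: %s, out=%dx%d pad=%d/%d\n", ok ? "ok" : "rejected",
              r.out_height, r.out_width, r.pad_height, r.pad_width);
  DepthwiseConvParams crafted = benign;
  crafted.dilation_height_factor = 0;  // what a crafted .tflite would carry
  const bool bad = PrepareDepthwiseConv(crafted, input, filter, &r) == Status::kOk;
  std::printf("crafted model: %s\n", bad ? "ok" : "rejected");
  return 0;
}
```

The point of the ordering is that the checks run before ComputeOutSize and ComputePadding are ever called; validating only the dilation factors (as the fix does) is sufficient for this CVE, but a Prepare routine that treats the whole parameter block as untrusted closes the same class of bug for the other divisors too.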
Exploitation
An attacker can craft a TFLite model whose depthwise convolution carries a non-positive dilation factor (the fix rejects dilation_height_factor and dilation_width_factor that are not greater than zero). No authentication or special privileges are required; the attacker only needs to get the malicious model loaded by an application that uses TensorFlow Lite. The division happens in the kernel's Prepare step, when the interpreter computes padding for the op, so the process crashes while the model is being prepared, before any inference result is produced [1].
Impact
Successful exploitation results in a denial of service (DoS) due to the division by zero, causing the TensorFlow process to crash. No code execution or data disclosure is indicated [1].
Mitigation
Users should upgrade to TensorFlow 2.8.0, 2.7.1, 2.6.3, or 2.5.3, which contain the fix. No workaround is available for unpatched versions [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
| tensorflow-cpu (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow-cpu (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-cpu (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
| tensorflow-gpu (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow-gpu (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-gpu (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
Affected products
OSV coordinates only, no CPE assigned; 4 version ranges (< 2.5.3 and 3 more), as listed under Affected packages above.
Patches
- e5b0eec199c2 [lite] Add validation check for dilation height/width to be positive integers.
1 file changed · +2 −0
tensorflow/lite/kernels/depthwise_conv.cc+2 −0 modified@@ -115,6 +115,8 @@ TfLiteStatus Prepare(TfLiteContext* context, TfLiteNode* node) { TF_LITE_ENSURE_EQ(context, NumDimensions(input), 4); TF_LITE_ENSURE_EQ(context, NumDimensions(filter), 4); + TF_LITE_ENSURE(context, params->dilation_height_factor > 0); + TF_LITE_ENSURE(context, params->dilation_width_factor > 0); const TfLiteType data_type = input->type;
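Review bot: no regression test accompanies the two new TF_LITE_ENSURE lines in Prepare (1 file changed, +2 −0); add cases to the depthwise-conv kernel test that build the op with dilation_height_factor == 0 and with dilation_width_factor == 0 and assert that Prepare returns an error instead of reaching the padding computation. Consider TF_LITE_ENSURE_MSG with a message naming the offending parameter, since a bare `TF_LITE_ENSURE(context, params->dilation_height_factor > 0)` failure gives the model author nothing to diagnose.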
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-428x-9xc2-m8mj (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-21741 (NVD entry)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-65.yaml (PyPI advisory, tensorflow-cpu)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-120.yaml (PyPI advisory, tensorflow-gpu)
- github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/lite/kernels/depthwise_conv.cc (vulnerable kernel source)
- github.com/tensorflow/tensorflow/commit/e5b0eec199c2d03de54fd6a7fd9275692218e2bc (fix commit)
- github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj (vendor advisory)
News mentions
No linked articles in our index yet.