Unrated severityNVD Advisory· Published Sep 16, 2022· Updated Apr 23, 2025

OOB read in `Gather_nd` op in TensorFlow Lite Micro

CVE-2022-35938

Description

TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been patched in GitHub commit 4142e47e9e31db481781b955ed3ff807a781b494. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

Affected products

Tensorflow/Tensorflowv5
Range: < 2.7.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/tensorflow/tensorflow/security/advisories/GHSA-3m3g-pf5v-5hpjmitrex_refsource_CONFIRM
github.com/tensorflow/tflite-micro/blob/1bc98621180a350eb4e8d3318ea8e228c7559b37/tensorflow/lite/micro/kernels/gather_nd.ccmitrex_refsource_MISC
github.com/tensorflow/tflite-micro/commit/4142e47e9e31db481781b955ed3ff807a781b494mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000