Login Sign Up

CVE-2022-23566

8.8 HIGH

📋 TL;DR

CVE-2022-23566 is a heap out-of-bounds write vulnerability in TensorFlow's Grappler component that allows attackers to write arbitrary data to memory. This can lead to remote code execution, denial of service, or information disclosure. All TensorFlow users running affected versions are vulnerable.

💻 Affected Systems

Products:
  • TensorFlow
Versions: TensorFlow 2.5.0 through 2.7.0, and earlier versions if not patched
Operating Systems: All operating systems running TensorFlow
Default Config Vulnerable: ⚠️ Yes
Notes: All TensorFlow deployments using the Grappler component are vulnerable by default.

📦 What is this software?

Tensorflow by Google

View all CVEs affecting Tensorflow →

Tensorflow by Google

View all CVEs affecting Tensorflow →

Tensorflow by Google

View all CVEs affecting Tensorflow →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Denial of service through application crashes or memory corruption, potentially disrupting ML workflows.

🟢

If Mitigated

Limited impact if proper network segmentation and least privilege access controls are implemented.

🌐 Internet-Facing: HIGH - TensorFlow services exposed to untrusted users can be directly exploited.
🏢 Internal Only: MEDIUM - Internal users with access to TensorFlow instances could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability provides a direct write primitive, making exploitation relatively straightforward for attackers with access to the TensorFlow instance.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: TensorFlow 2.8.0, 2.7.1, 2.6.3, and 2.5.3

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5qw5-89mw-wcg2

Restart Required: Yes

Instructions:

1. Identify current TensorFlow version. 2. Upgrade to patched version: pip install tensorflow==2.8.0 (or appropriate version). 3. Restart all TensorFlow services and applications.

🔧 Temporary Workarounds

Disable Grappler optimization

all

Disable the Grappler component that contains the vulnerable code

Set environment variable: TF_ENABLE_GRAPPLER_OPTIMIZATIONS=0

🧯 If You Can't Patch

  • Network segmentation: Isolate TensorFlow instances from untrusted networks and users
  • Access controls: Implement strict authentication and authorization for TensorFlow services

🔍 How to Verify

Check if Vulnerable:

Check TensorFlow version: python -c 'import tensorflow as tf; print(tf.__version__)'

Check Version:

python -c 'import tensorflow as tf; print(tf.__version__)'

Verify Fix Applied:

Verify version is 2.8.0 or higher, or one of the patched versions (2.7.1, 2.6.3, 2.5.3)

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults in TensorFlow processes
  • Memory access violation errors
  • Unexpected TensorFlow service restarts

Network Indicators:

  • Unusual outbound connections from TensorFlow instances
  • Suspicious payloads sent to TensorFlow endpoints

SIEM Query:

source="tensorflow" AND (event_type="segmentation_fault" OR event_type="memory_violation")

📊 Metadata

CVE ID: CVE-2022-23566
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: February 4, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-23566, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)