CVE-2022-21726 — Out-of-bounds Read in Intel Optimization FOR Tensorflow

CWE-125 — Out-of-bounds Read12 documents5 sources

Severity

8.8HIGHNVD

CNA8.1

EPSS

0.3%

top 47.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Optimization FOR Tensorflow Google Tensorflow

Timeline

PublishedFeb 3

Latest updateMar 3

Description

Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor. The fix will be included in…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶PyPIintel/optimization_for_tensorflow2.6.0 — 2.6.3+2

▶NVDgoogle/tensorflow2.6.0 — 2.6.2+2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

linux-raspi, linux-raspi-5.4 vulnerabilities↗2026-03-03

▶

OSV

linux-azure, linux-azure-5.4, linux-azure-fips vulnerabilities↗2026-02-20

▶

OSV

linux-oracle, linux-oracle-5.4 vulnerabilities↗2026-02-12

▶

OSV

linux-xilinx-zynqmp vulnerabilities↗2026-02-11

▶

OSV

linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm vulnerabilities↗2026-01-30

▶

📋Vendor Advisories

Debian

CVE-2022-21726: tensorflow - Tensorflow is an Open Source Machine Learning Framework. The implementation of `...↗2022

▶