Description
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements() in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions using 32-bit unsigned arithmetic without overflow detection, causing GetNumBytes() to return an understated allocation size. During Optimize()->InferOutputShapes(), the BatchToSpaceNdLayer reads beyond the allocated buffer.
Published: 2026-05-22
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unchecked integer overflow in ArmNN’s TensorShape::GetNumElements() causes the number of tensor elements to be under‑computed. During model optimisation, the resulting GetNumBytes() value is too small for the actual data size, and the BatchToSpaceNdLayer reads beyond the allocated heap buffer. This over‑read can expose data or crash the application, compromising confidentiality, integrity and availability. The core weakness is an integer overflow that propagates to a buffer over‑read, fitting CWE‑680 and CWE‑126 patterns.

Affected Systems

The flaw resides in the ArmNN Tensor implementation used for TensorFlow Lite parsing. Systems that load and optimise TFLite models with ArmNN, such as embedded ARM devices or server‑side inference pipelines, are affected. The vulnerability applies to all releases through the 2026‑03‑27 build of the library, as no specific fixed versions are identified.

Risk and Exploitability

The vulnerability has no public exploit score, and it is not listed in the CISA KEV catalog, but it has a high potential impact if a malicious TFLite file can be supplied to the host. Attackers who can control the model input can trigger the overflow, leading to a buffer over‑read. The attack likely requires local or network delivery of a crafted model file; no privileged escalation is believed necessary. Given the absence of existing patches, the risk remains significant for un‑updated installations.

Generated by OpenCVE AI on May 22, 2026 at 19:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to a fixed ArmNN release that eliminates the unchecked 32‑bit multiplication for tensor dimensions.
  • Validate or sanitize incoming TFLite models before optimisation, ensuring dimensions do not exceed safe limits.
  • Implement runtime checks for tensor size calculations or use a safe integer library to detect and prevent overflows.

Generated by OpenCVE AI on May 22, 2026 at 19:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 22 May 2026 19:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in ArmNN Tensor Shape Causes Buffer Over‑read
Weaknesses CWE-126
CWE-680

Fri, 22 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements() in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions using 32-bit unsigned arithmetic without overflow detection, causing GetNumBytes() to return an understated allocation size. During Optimize()->InferOutputShapes(), the BatchToSpaceNdLayer reads beyond the allocated buffer.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-22T17:40:29.276Z

Reserved: 2026-04-29T00:00:00.000Z

Link: CVE-2026-42627

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-22T19:30:44Z

Weaknesses