CVE-2022-23573: Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitia
high · vulnerability
security
Summary
TensorFlow's `AssignOp` (a copy operation in machine learning code) has a bug where it can copy uninitialized data (memory with random or leftover values) to a new tensor, causing unpredictable behavior. The code only checks that the destination is ready, but not the source, leaving room for uninitialized data to be used.
Solution / Mitigation
Update to TensorFlow 2.8.0. If you cannot upgrade immediately, apply backported fixes available in TensorFlow 2.7.1, TensorFlow 2.6.3, or TensorFlow 2.5.3, which are still supported versions.
Vulnerability Details
CVSS Score
7.6 (high)
EPSS (30-day exploit probability)
EPSS: 0.3%
Classification
Attack Sophistication: Moderate
Impact (CIA+S)
integrity, availability
AI Component Targeted: Framework
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-23573
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%