CVE-2022-36011: TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is giv
medium vulnerability
security
Summary
TensorFlow, an open source machine learning platform, has a bug in which `mlir::tfg::ConvertGenericFunctionToFunctionDef` crashes with a null pointer dereference (an attempt to read through a pointer that holds no valid address) when given empty function attributes. The issue affects multiple versions of TensorFlow and has no known workarounds.
Solution / Mitigation
The issue was patched in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
Vulnerability Details
CVSS Score
5.9 (medium)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Sophistication: Trivial
Impact (CIA+S)
availability
AI Component Targeted: Framework
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-36011
First tracked: February 15, 2026 at 08:41 PM
Classified by LLM (prompt v3) · confidence: 95%