AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-21734: Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail i

mediumvulnerability

security

Source: NVD/CVE DatabaseFebruary 3, 2022CVE-2022-21734

Summary

TensorFlow, an open-source machine learning framework, has a vulnerability in its `MapStage` component where a CHECK-fail (a type of crash caused by a failed validation check) occurs if the key tensor (a multi-dimensional array of data) is not a scalar (a single value). This bug can cause the program to crash unexpectedly.

Solution / Mitigation

The fix will be included in TensorFlow 2.8.0. The vulnerability will also be patched in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, which are still in the supported range.

Vulnerability Details

CVSS Score

6.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-843 CWE-843

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-21734

First tracked: February 15, 2026 at 08:40 PM

Classified by LLM (prompt v3) · confidence: 92%