CVE-2022-23572: Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a ty
medium vulnerability
security
Summary
TensorFlow (an open source machine learning framework) has a bug where it sometimes fails to determine data types correctly during shape inference (the process of figuring out what dimensions data will have). The failure goes unnoticed in production builds because assertion checks are disabled there, so execution continues and the program crashes when it tries to use an error result as if it were valid data.
Solution / Mitigation
The fix will be included in TensorFlow 2.8.0. The fix will also be applied to TensorFlow 2.7.1 and TensorFlow 2.6.3, which are still in the supported range.
Vulnerability Details
CVSS Score
6.5 (medium)
EPSS (30-day exploit probability)
EPSS: 0.5%
Classification
Attack Sophistication: Moderate
Impact (CIA+S)
availability
AI Component Targeted: Framework
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-23572
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%