CVE-2023-25670: TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null pointer error
Summary
TensorFlow (an open source machine learning platform) versions before 2.12.0 and 2.11.1 have a null pointer dereference (an attempt to access memory through a pointer that does not refer to a valid object) in the QuantizedMatMulWithBiasAndDequantize operation when MKL (a math optimization library) is enabled. This bug can cause the software to crash or behave unexpectedly.
Solution / Mitigation
Update to TensorFlow version 2.12.0 or version 2.11.1, which include fixes for this vulnerability.
Vulnerability Details
7.5 (high)
EPSS: 0.2%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-25670
First tracked: February 15, 2026 at 08:42 PM