CVE-2022-41907: TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large
Summary
TensorFlow, an open source machine learning platform, has a vulnerability in the `tf.raw_ops.ResizeNearestNeighborGrad` function where a large `size` input causes an integer overflow (a calculation error where a number becomes too big for its storage space). This bug allows an attacker to potentially crash the system or execute malicious code.
Solution / Mitigation
The fix is included in TensorFlow 2.11 and has been backported to TensorFlow 2.10.1, 2.9.3, and 2.8.4. Users should update to one of these patched versions. The specific patch is available in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624.
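A version check built from the fixed releases listed above, added here as an example (it is not code from the TensorFlow project). The function names, the choice to treat pre-releases of a first fixed release as unpatched, and the set of distribution names queried are assumptions.

```python
import re
from importlib import metadata

# First fixed patch level on each backport branch, taken from the text above.
BACKPORTS = {(2, 8): 4, (2, 9): 3, (2, 10): 1}
FIRST_FIXED_BRANCH = (2, 11)  # 2.11 and later include the fix


def parse_version(version):
    """Return (major, minor, patch, is_prerelease) for e.g. '2.10.0' or '2.11.0rc1'."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    # Suffixes such as rc1, .dev20221101, a0, b2 mark a pre-release build.
    is_pre = bool(re.match(r"^[-.]?(a|b|rc|dev)", m.group(4).lower()))
    return major, minor, patch, is_pre


def is_patched(version):
    """True if this TensorFlow version is at or past a listed fixed release."""
    major, minor, patch, is_pre = parse_version(version)
    branch = (major, minor)
    if branch > FIRST_FIXED_BRANCH:
        return True
    first_fixed = 0 if branch == FIRST_FIXED_BRANCH else BACKPORTS.get(branch)
    if first_fixed is None:
        return False  # no fixed release is listed for this branch
    if patch == first_fixed:
        # Assumption: a pre-release of the first fixed release may predate the fix.
        return not is_pre
    return patch > first_fixed


def installed_tensorflow_status(names=("tensorflow", "tensorflow-cpu", "tensorflow-gpu")):
    """Map each installed distribution name (assumed list) to its patched status."""
    status = {}
    for name in names:
        try:
            status[name] = is_patched(metadata.version(name))
        except metadata.PackageNotFoundError:
            continue
    return status


if __name__ == "__main__":
    for dist, ok in installed_tensorflow_status().items():
        print(f"{dist}: {'patched' if ok else 'UPDATE REQUIRED (CVE-2022-41907)'}")
```

Run it inside each virtual environment or container image that ships TensorFlow, since the result reflects only the interpreter it runs under.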
Vulnerability Details
4.8 (medium)
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-41907
First tracked: February 15, 2026 at 08:41 PM
Classified by LLM (prompt v3) · confidence: 95%