CVE-2022-23595: Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are
Summary
TensorFlow (an open source machine learning framework) has a vulnerability where building an XLA compilation cache (a storage system that speeds up machine learning model compilation) with default settings causes a null pointer dereference (a crash that happens when code tries to use a memory location that doesn't exist). This occurs because the default configuration allows all devices, leaving a critical variable empty.
Solution / Mitigation
The fix will be included in TensorFlow 2.8.0. Patches will also be released in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.
Vulnerability Details
5.3(medium)
EPSS: 0.2%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2024-5452: A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to im
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-23595
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 92%