CVE-2022-41894: TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow L
Summary
TensorFlow Lite's `CONV_3D_TRANSPOSE` operator (a 3D transposed convolution) had a bug in its reference kernel: it incorrectly calculated memory addresses when adding bias values, potentially allowing an attacker to write data outside the intended memory area (a buffer overflow, where data is written beyond allocated boundaries). The vulnerability only affects users who employ TensorFlow's default kernel resolver in their interpreter.
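The bug class described above, as an added sketch that is not TensorFlow Lite source: a bias pass walks a flattened output tensor and advances its base offset by a per-position stride. The function names, the sample shape and the specific mismatch shown (stride taken from the input channel count instead of the output channel count) are assumptions of this example; writes are bounds-checked and counted rather than performed out of bounds.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample shape: 4 output positions, 2 output channels, 3 input channels. */
enum { POSITIONS = 4, OUT_CH = 2, IN_CH = 3, LEN = POSITIONS * OUT_CH };

/* Adds bias[c] to each channel of each position, advancing the base offset by
 * `stride` floats per position. Writes are bounds-checked so the demo is safe;
 * the return value counts writes an unchecked kernel would place past the end. */
static size_t add_bias_checked(float *out, size_t len, size_t positions,
                               size_t out_ch, const float *bias, size_t stride)
{
    size_t oob = 0, base = 0;
    for (size_t p = 0; p < positions; ++p, base += stride) {
        for (size_t c = 0; c < out_ch; ++c) {
            size_t idx = base + c;
            if (idx < len)
                out[idx] += bias[c];
            else
                ++oob;
        }
    }
    return oob;
}

/* Zeroes `result` (LEN floats), runs the bias pass, returns the out-of-bounds count. */
static size_t run_sample(size_t stride, float *result)
{
    const float bias[OUT_CH] = {1.0f, 2.0f};
    for (size_t i = 0; i < LEN; ++i)
        result[i] = 0.0f;
    return add_bias_checked(result, LEN, POSITIONS, OUT_CH, bias, stride);
}

int main(void)
{
    float buf[LEN];
    printf("stride = IN_CH : %zu writes past the end\n", run_sample(IN_CH, buf));
    printf("stride = OUT_CH: %zu writes past the end\n", run_sample(OUT_CH, buf));
    return 0;
}
```

With the mismatched stride the pass also corrupts in-bounds results (some slots are skipped, others receive the wrong channel's bias), so wrong output values are an early symptom of the same defect.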
Solution / Mitigation
The issue was patched in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11, and will be backported to TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4.
Vulnerability Details
7.1 (high)
EPSS: 0.2%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-41894
First tracked: February 15, 2026 at 08:41 PM