CVE-2022-23578: TensorFlow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the i
Summary
TensorFlow (an open-source machine learning framework) has a memory leak bug in a function called `ImmutableExecutorState::Initialize`. When a graph node (a processing unit in a machine learning model) is invalid, the software sets a pointer (a reference to a location in memory) to null without freeing the memory it previously pointed to, causing that memory to be wasted and unavailable for other tasks.
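The leak pattern described above, next to its corrected form, as an added illustration that is not TensorFlow's code. `Kernel`, `NodeItem`, `CreateKernel` and the other names are hypothetical, and the model assumes the creation step allocates an object before reporting failure for an invalid node.

```cpp
#include <cstdio>
#include <set>

// Hypothetical stand-ins for illustration; these are not TensorFlow types.
struct Kernel;
static std::set<Kernel*>& Live() { static std::set<Kernel*> s; return s; }
struct Kernel {
  Kernel() { Live().insert(this); }  // record every live allocation
  ~Kernel() { Live().erase(this); }
};
struct NodeItem { Kernel* kernel = nullptr; };

// Assumed model: creation allocates, stores the object in *out,
// and then reports failure when the node is invalid.
bool CreateKernel(bool node_is_valid, Kernel** out) {
  *out = new Kernel();
  return node_is_valid;
}

// Leaky pattern: on failure the pointer is overwritten with null,
// so the only reference to the allocation is lost.
bool InitializeLeaky(NodeItem* item, bool node_is_valid) {
  if (CreateKernel(node_is_valid, &item->kernel)) return true;
  item->kernel = nullptr;
  return false;
}

// Corrected pattern: release the object before clearing the pointer.
bool InitializeFixed(NodeItem* item, bool node_is_valid) {
  if (CreateKernel(node_is_valid, &item->kernel)) return true;
  delete item->kernel;
  item->kernel = nullptr;
  return false;
}

// Runs n failed initializations and returns how many objects stayed allocated.
int LeakedAfter(bool (*init)(NodeItem*, bool), int n) {
  for (int i = 0; i < n; ++i) {
    NodeItem item;
    init(&item, /*node_is_valid=*/false);
  }
  int leaked = static_cast<int>(Live().size());
  while (!Live().empty()) delete *Live().begin();  // reclaim so the demo exits clean
  return leaked;
}

int main() {
  std::printf("leaky: %d\n", LeakedAfter(InitializeLeaky, 100));
  std::printf("fixed: %d\n", LeakedAfter(InitializeFixed, 100));
  return 0;
}
```

Each invalid node handled by the leaky version leaves one object allocated, which is why repeated invalid input grows memory use over time.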
Solution / Mitigation
The fix will be included in TensorFlow 2.8.0. The fix will also be backported (applied to older versions still being supported) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.
Vulnerability Details
4.3 (medium)
EPSS: 0.2%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-23578
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%