CVE-2022-41895: TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, Tensor
Summary
TensorFlow, an open source machine learning platform, has a vulnerability in which the `MirrorPadGrad` function crashes with a heap out-of-bounds (OOB) error, meaning the software tries to read memory it shouldn't, when given incorrectly sized `paddings` input values. This bug can allow attackers to crash TensorFlow applications.
Solution / Mitigation
The fix is included in TensorFlow 2.11 and has been backported (applied to older versions) in TensorFlow 2.10.1, 2.9.3, and 2.8.4. Users should update to one of these patched versions. The fix was committed in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92.
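A version check for the fixed releases listed above, as an added example that is not part of the original advisory or the TensorFlow project. It assumes that any release below the fixed version on its branch, any branch older than 2.8, and any pre-release of a fixed version itself lacks the fix; the package names checked are the common PyPI distributions.

```python
import re
from importlib import metadata

# Fixed releases named on this page: backports keyed by (major, minor) branch.
FIXED_ON_BRANCH = {(2, 8): 4, (2, 9): 3, (2, 10): 1}
FIRST_FIXED_MAINLINE = (2, 11)

def parse_version(version):
    """Split a version such as '2.10.1', '2.11.0rc0' or '2.9.3+cpu'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)$", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, suffix = m.groups()
    # rc/dev/alpha/beta suffixes mark a build that precedes the final release.
    pre = bool(re.match(r"[-.]?(rc|dev|a|b)", suffix))
    return int(major), int(minor), int(patch or 0), pre

def has_fix(version):
    """True if the version is at or above a fixed release listed on this page."""
    major, minor, patch, pre = parse_version(version)
    branch = (major, minor)
    if branch > FIRST_FIXED_MAINLINE:
        return True
    if branch == FIRST_FIXED_MAINLINE:
        floor = 0
    else:
        # Assumption: branches with no listed backport (older than 2.8) lack the fix.
        floor = FIXED_ON_BRANCH.get(branch)
    if floor is None:
        return False
    # Assumption: a pre-release of the fixed version itself is not confirmed patched.
    return patch > floor or (patch == floor and not pre)

def installed_status(names=("tensorflow", "tensorflow-cpu", "tensorflow-gpu")):
    """Map each installed TensorFlow distribution to (version, has_fix)."""
    status = {}
    for name in names:
        try:
            version = metadata.version(name)
        except metadata.PackageNotFoundError:
            continue
        status[name] = (version, has_fix(version))
    return status

if __name__ == "__main__":
    for name, (version, fixed) in installed_status().items():
        print(f"{name} {version}: {'fixed' if fixed else 'update required'}")
```
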
Vulnerability Details
CVSS: 4.8 (medium)
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-41895
First tracked: February 15, 2026 at 08:41 PM