CVE-2022-41910: TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that d
Summary
TensorFlow, an open source platform for machine learning, has a bug in the MakeGrapplerFunctionItem function: providing inputs larger than or equal to the output sizes causes an out-of-bounds memory read (a read from memory locations the program should not access) or a crash. The issue has been patched, and the fix will be included in TensorFlow 2.11.0 and backported to earlier versions.
Solution / Mitigation
The fix is available in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. Users should update to TensorFlow 2.11.0, or for earlier versions, update to 2.8.4, 2.9.3, or 2.10.1 where the patch has been backported.
Vulnerability Details
4.8 (medium)
EPSS: 0.3%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-41910
First tracked: February 15, 2026 at 08:41 PM