AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-29207: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple T

mediumvulnerability

security

Source: NVD/CVE DatabaseMay 20, 2022CVE-2022-29207

Summary

TensorFlow (an open source platform for machine learning) has a vulnerability in versions before 2.9.0, 2.8.1, 2.7.2, and 2.6.4 where certain operations fail when given an invalid resource handle (a reference to data or tools the program needs). In eager mode (where TensorFlow executes code immediately rather than preparing a plan first), this can cause a reference to point to a null pointer (a memory location that doesn't exist), leading to undefined behavior and potential crashes or errors. Graph mode had safeguards that prevented this issue.

Solution / Mitigation

Update TensorFlow to versions 2.9.0, 2.8.1, 2.7.2, or 2.6.4 or later, which contain a patch for this issue.

Vulnerability Details

CVSS Score

5.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availabilityintegrity

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-20 CWE-475

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-29207

First tracked: February 15, 2026 at 08:40 PM

Classified by LLM (prompt v3) · confidence: 95%