CVE-2022-41889: TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute,
Summary
TensorFlow, an open source machine learning platform, had a bug where passing quantized tensors (specially compressed numeric data) to certain functions caused the parsing code to fail silently and return a null pointer (empty reference) instead of the expected data. This could cause crashes or unexpected behavior in machine learning programs using affected TensorFlow functions.
Solution / Mitigation
The issue was patched in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce and will be included in TensorFlow 2.11. The fix will also be backported (applied to earlier versions) in TensorFlow 2.10.1, 2.9.3, and 2.8.4.
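An added example, not from the advisory or the TensorFlow project: a requirements-file audit that classifies pinned TensorFlow versions against the fixed releases listed above. The package-name variants, the status labels, the treatment of branches after 2.11 as patched and the sample input are assumptions of this example.

```python
import re

# Fixed patch level per release branch, taken from the advisory text above.
FIXED_PATCH = {(2, 8): 4, (2, 9): 3, (2, 10): 1, (2, 11): 0}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)[.\-_]?((?:a|b|rc|dev)\d*)?")
# Assumption: only these three distribution names are audited.
_PIN = re.compile(r"^\s*(tensorflow(?:-cpu|-gpu)?)\s*==\s*([^\s;#]+)", re.I)

def classify(version):
    """Return 'patched', 'unpatched', 'prerelease', 'no-backport' or 'unparsed'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparsed"
    branch = (int(m.group(1)), int(m.group(2)))
    patch, is_pre = int(m.group(3)), m.group(4) is not None
    if branch > max(FIXED_PATCH):
        # Assumption: branches after 2.11 inherit the fix from mainline.
        return "patched"
    if branch not in FIXED_PATCH:
        return "no-backport"  # the advisory names no fixed release for this branch
    fixed = FIXED_PATCH[branch]
    if patch < fixed:
        return "unpatched"
    if patch == fixed and is_pre:
        # Pre-release of a fixed version: the advisory does not say whether it carries the fix.
        return "prerelease"
    return "patched"

def audit_requirements(text):
    """Return (package, version, status) for every pinned TensorFlow line."""
    findings = []
    for line in text.splitlines():
        m = _PIN.match(line)
        if m:
            findings.append((m.group(1).lower(), m.group(2), classify(m.group(2))))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
numpy==1.23.4
tensorflow==2.9.1
tensorflow-gpu==2.10.1  # pinned by infra
tensorflow-cpu==2.11.0rc1
tensorflow==2.7.4
"""

if __name__ == "__main__":
    for pkg, ver, status in audit_requirements(SAMPLE):
        print(f"{pkg:16} {ver:12} {status}")
```

Anything reported as unpatched, prerelease or no-backport needs a move to one of the fixed releases named above.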
Vulnerability Details
5.5 (medium)
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-41889
First tracked: February 15, 2026 at 08:41 PM