CVE-2022-36012
Published: 16 September 2022
Summary
CVE-2022-36012 is a medium-severity Reachable Assertion (CWE-617) vulnerability in Google Tensorflow. Its CVSS base score is 5.9 (Medium).
Operationally, ranked at the 40.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Deep Learning Frameworks.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-6864
Vulnerability details
TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this…
more
commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Deep Learning Frameworks
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: tensorflow, machine learning, tensorflow, tensorflow, tensorflow, tensorflow
Related Threats
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.