CVE-2022-41889: CWE-476: NULL Pointer Dereference in tensorflow tensorflow
TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
AI Analysis
Technical Summary
CVE-2022-41889 is a medium-severity vulnerability in TensorFlow, an open-source machine learning platform widely used for developing and deploying machine learning models. The vulnerability arises from a NULL pointer dereference (CWE-476) in the TensorFlow Python wrapper (pywrap) code when handling quantized tensors assigned to certain attributes. Specifically, when a list of quantized tensors is passed as input to functions such as tf.compat.v1.extract_volume_patches via the 'ksizes' parameter, the pywrap code fails to properly parse these tensors and returns a nullptr. This NULL pointer is not checked or handled, leading to a dereference that can cause the TensorFlow process to crash or terminate unexpectedly. The issue affects TensorFlow versions prior to 2.8.4, and versions 2.9.0 up to but not including 2.9.3, as well as versions 2.10.0 up to but not including 2.10.1. The vulnerability was patched in a GitHub commit (e9e95553e5411834d215e6770c81a83a3d0866ce) and the fix is included in TensorFlow 2.11 and backported to the affected supported versions. There are no known exploits in the wild at this time. The vulnerability does not require authentication or user interaction beyond supplying crafted input tensors, but it does require the attacker to have the ability to execute or influence TensorFlow code that processes quantized tensors. The impact is primarily a denial-of-service condition due to process crashes caused by the NULL pointer dereference, potentially disrupting machine learning workflows or services relying on TensorFlow.
Potential Impact
For European organizations, the impact of this vulnerability can be significant in environments where TensorFlow is used in production or research settings, especially in sectors relying heavily on machine learning such as finance, healthcare, automotive, and telecommunications. A denial-of-service caused by the NULL pointer dereference could interrupt critical AI-driven applications, leading to downtime, loss of productivity, and potential data processing delays. While this vulnerability does not directly lead to data breaches or code execution, the disruption of machine learning pipelines could affect decision-making processes and service availability. Organizations deploying TensorFlow models in cloud or edge environments may experience instability or crashes if unpatched versions are used. Additionally, research institutions and AI startups in Europe that rely on TensorFlow for experimentation could face setbacks. The absence of known exploits reduces immediate risk, but the vulnerability's presence in widely used versions means that attackers could develop exploits in the future, especially targeting denial-of-service scenarios.
Mitigation Recommendations
European organizations should prioritize upgrading TensorFlow installations to versions 2.11 or later, or apply the backported patches available for versions 2.10.1, 2.9.3, and 2.8.4. It is critical to audit all environments where TensorFlow is deployed, including development, testing, and production, to identify affected versions. For environments where immediate upgrade is not feasible, implementing input validation to restrict or sanitize quantized tensor inputs, especially in functions like tf.compat.v1.extract_volume_patches, can reduce the risk of triggering the NULL pointer dereference. Monitoring TensorFlow application logs for unexpected crashes or exceptions related to tensor parsing can help detect exploitation attempts. Additionally, isolating TensorFlow workloads in containerized or sandboxed environments can limit the impact of crashes on broader systems. Organizations should also review machine learning pipeline security policies to ensure that untrusted or malformed input data cannot be injected into TensorFlow processing stages. Finally, maintaining up-to-date dependency management and continuous integration pipelines that include TensorFlow version checks will help prevent deployment of vulnerable versions.
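The version audit recommended above can run as a CI gate over pinned requirements. This sketch is an added example, not code from the advisory or the TensorFlow project. It encodes the affected ranges stated on this page; the package-name set, the sample requirements text, and the choice to flag unpinned or pre-release entries for manual review are assumptions.

```python
import re

# Affected ranges as stated on this page (lower bound inclusive, upper exclusive):
# < 2.8.4, 2.9.0 to < 2.9.3, 2.10.0 to < 2.10.1.
AFFECTED = [((0, 0, 0), (2, 8, 4)), ((2, 9, 0), (2, 9, 3)), ((2, 10, 0), (2, 10, 1))]
# Assumption: these distributions all ship the same TensorFlow core.
PACKAGES = {"tensorflow", "tensorflow-cpu", "tensorflow-gpu"}
# Package name, optionally followed by an exact "==" pin.
ENTRY = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:==\s*([^\s;#]+))?")
RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def classify(version):
    """Return 'affected', 'fixed', or 'review' for one version string."""
    m = RELEASE.match(version or "")
    if not m:
        # Unpinned, rc/dev or local builds: do not guess, send to a human.
        return "review"
    v = tuple(int(part or 0) for part in m.groups())
    return "affected" if any(lo <= v < hi for lo, hi in AFFECTED) else "fixed"


def audit(requirements_text):
    """Return (line_no, package, version, verdict) for every TensorFlow entry."""
    findings = []
    for line_no, line in enumerate(requirements_text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:
            continue  # blank lines and comments
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # normalise the name
        if name in PACKAGES:
            findings.append((line_no, name, m.group(2), classify(m.group(2))))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = """\
numpy==1.23.4
tensorflow==2.9.2
tensorflow-cpu==2.10.1   # patched backport
TensorFlow_GPU==2.8.3
tensorflow==2.11.0rc1
tensorflow>=2.8
tensorflow==2.11.0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Fail the build on any `affected` verdict, and treat `review` as blocking until someone confirms the resolved version.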
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-09-30T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d9849c4522896dcbf6cbf
Added to database: 5/21/2025, 9:09:29 AM
Last enriched: 6/21/2025, 9:21:32 PM
Last updated: 7/26/2025, 10:46:26 AM