
CVE-2022-41890: CWE-704: Incorrect Type Conversion or Cast in tensorflow tensorflow

Medium
Published: Fri Nov 18 2022 (11/18/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: tensorflow
Product: tensorflow

Description

TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

AI-Powered Analysis

Last updated: 06/21/2025, 21:09:06 UTC

Technical Analysis

CVE-2022-41890 is a medium-severity vulnerability in TensorFlow, the open-source machine learning platform. It is an incorrect type conversion (CWE-704) in the BCast::ToShape function, which builds the output shape used when two operands are broadcast against each other. ToShape is meant to accept dimension values up to the int64 range, but when it is given input larger than an int32 it crashes the TensorFlow runtime process. The advisory gives tf.experimental.numpy.outer as one reachable trigger: passing a sufficiently large input as the b argument. The effect is a denial of service of the process hosting the model; the bug does not lead to code execution or data disclosure. Affected releases are those before 2.8.4, 2.9.0 up to but not including 2.9.3, and 2.10.0 up to but not including 2.10.1. The fix is GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5, shipped in TensorFlow 2.11 and cherry-picked to 2.10.1, 2.9.3 and 2.8.4. No exploits in the wild are known. Triggering the bug requires no authentication to TensorFlow itself, only the ability to influence the size of an input reaching an affected API, so the practical exposure is any service that derives tensor sizes from untrusted or externally controlled data and feeds them into broadcasting operations; outer is the documented example, but other operations that reach BCast::ToShape are in scope as well.

Potential Impact

For European organizations leveraging TensorFlow in production environments—especially those in sectors such as finance, healthcare, automotive, and research—the vulnerability could lead to application crashes and service disruptions. This may affect machine learning pipelines, model training, or inference services, potentially causing downtime or degraded performance. While the vulnerability does not directly lead to data breaches or code execution, denial of service conditions can interrupt critical workflows and impact business continuity. Organizations relying on TensorFlow for real-time or large-scale data processing may experience increased operational risk. Additionally, organizations that integrate TensorFlow into cloud services or edge devices could see cascading effects if the vulnerability is triggered at scale. Given the widespread adoption of TensorFlow in European AI research institutions and technology companies, the vulnerability could impact a broad range of applications. However, the lack of known exploits and the requirement for crafted large inputs somewhat limit the immediate risk. Still, unpatched systems remain vulnerable to accidental or intentional crashes, which could be exploited in targeted denial of service attacks.

Mitigation Recommendations

European organizations should prioritize upgrading TensorFlow to a patched release: 2.8.4, 2.9.3, 2.10.1, or 2.11 and later, all of which carry commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. Where an upgrade cannot be rolled out immediately, validate array sizes before they reach TensorFlow: reject dimension values, and the element count of the broadcast result, that do not fit in a signed 32-bit integer for tf.experimental.numpy.outer and for any other operation that broadcasts its operands, since those also pass through BCast::ToShape. Treat crash reports and log entries showing abrupt termination of a TensorFlow process on large inputs as possible triggering of this bug, whether accidental or deliberate. Review custom code and third-party libraries for places that derive tensor shapes from external data. In containerized or cloud deployments, resource limits and automatic restarts bound the impact of a crash but do not prevent it; a worker that restarts on every crafted request remains a denial-of-service target. Finally, keep an inventory of TensorFlow versions across the infrastructure so that the affected ranges above can be matched against what is actually deployed.
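The two checks recommended above, as an added example rather than code from TensorFlow or this advisory: a version test against the patched ranges the advisory names, and a pre-call shape guard that applies the NumPy broadcasting rule without allocating anything and rejects inputs outside the int32 range. The guard also bounds the element count of the broadcast result; that is a conservative policy chosen for this example, since the advisory only states that BCast::ToShape crashes on input larger than an int32. The `guarded_outer_shape` helper assumes that tf.experimental.numpy.outer flattens both inputs and broadcasts (n, 1) against (1, m), NumPy's outer semantics; the function and parameter names are this example's own.

```python
"""Pre-call guards for CVE-2022-41890 (added example, not project code)."""
import itertools
import math
import re

INT32_MAX = 2**31 - 1

# Fixed releases named in the advisory: 2.8.4, 2.9.3, 2.10.1 and 2.11.
# Minor versions below 2.8 received no backport and are treated as unpatched.
_FIRST_FIXED_PATCH = {8: 4, 9: 3, 10: 1}


def parse_version(version):
    """Return (major, minor, patch) from a string such as '2.10.1' or '2.11.0rc2'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if m is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version):
    """True if this TensorFlow release carries the fix for CVE-2022-41890."""
    major, minor, patch = parse_version(version)
    if major != 2:
        return major > 2          # 1.x is out of support and unpatched
    if minor >= 11:
        return True
    first_fixed = _FIRST_FIXED_PATCH.get(minor)
    return first_fixed is not None and patch >= first_fixed


def broadcast_shape(a, b):
    """Result shape of broadcasting a and b under the NumPy rule, computed on
    the shape tuples alone so no tensor is ever created."""
    a, b = tuple(a), tuple(b)
    out = []
    # Align trailing dimensions; missing leading dimensions count as 1.
    for x, y in itertools.zip_longest(reversed(a), reversed(b), fillvalue=1):
        if x == y or y == 1:
            out.append(x)
        elif x == 1:
            out.append(y)
        else:
            raise ValueError(f"shapes {a} and {b} are not broadcastable")
    return tuple(reversed(out))


def check_broadcast_shapes(a, b, limit=INT32_MAX):
    """Validate two operand shapes before handing them to a broadcasting op.

    Rejects any dimension that does not fit in a signed 32-bit integer, and
    (conservative policy chosen for this example) any broadcast result whose
    element count exceeds the same limit.  Returns the broadcast shape.
    """
    for dim in (*a, *b):
        if not isinstance(dim, int) or dim < 0:
            raise ValueError(f"dimension {dim!r} is not a non-negative integer")
        if dim > limit:
            raise ValueError(f"dimension {dim} exceeds limit {limit}")
    shape = broadcast_shape(a, b)
    if math.prod(shape) > limit:
        raise ValueError(f"broadcast result {shape} exceeds {limit} elements")
    return shape


def guarded_outer_shape(a_shape, b_shape, limit=INT32_MAX):
    """Shape check for tf.experimental.numpy.outer.  Assumes NumPy outer
    semantics: both inputs are flattened and (n, 1) is broadcast with (1, m)."""
    n = math.prod(a_shape)
    m = math.prod(b_shape)
    return check_broadcast_shapes((n, 1), (1, m), limit)


# Intended use with TensorFlow (tf is not imported here so the example runs
# offline; 'a' and 'b' stand for the caller's tensors):
#   if not is_patched(tf.__version__):
#       guarded_outer_shape(tuple(a.shape), tuple(b.shape))
#   result = tf.experimental.numpy.outer(a, b)
```

The guard runs only when the installed version is in an affected range, so it can be left in place after the upgrade without cost; it is applied to every operation that broadcasts its operands, not only to outer, since the crash site is the shared BCast::ToShape routine.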


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2022-09-30T00:00:00.000Z
CISA Enriched
true

Threat ID: 682d9849c4522896dcbf6cc3

Added to database: 5/21/2025, 9:09:29 AM

Last enriched: 6/21/2025, 9:09:06 PM

Last updated: 8/1/2025, 1:31:26 AM

