Medium severity5.5NVD Advisory· Published May 21, 2022· Updated Jun 17, 2026
CVE-2022-29212
CVE-2022-29212
Description
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling QuantizeMultiplierSmallerThanOneExp, the TFLITE_CHECK_LT assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.6.4 | 2.6.4 |
tensorflowPyPI | >= 2.7.0, < 2.7.2 | 2.7.2 |
tensorflowPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-cpuPyPI | < 2.6.4 | 2.6.4 |
tensorflow-cpuPyPI | >= 2.7.0, < 2.7.2 | 2.7.2 |
tensorflow-cpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-gpuPyPI | < 2.6.4 | 2.6.4 |
tensorflow-gpuPyPI | >= 2.7.0, < 2.7.2 | 2.7.2 |
tensorflow-gpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
Affected products
5- osv-coords4 versions
< 2.6.4+ 3 more
- (no CPE)range: < 2.6.4
- (no CPE)range: < 2.6.4
- (no CPE)range: < 2.6.4
- (no CPE)range: < 2.6.4
- Range: < 2.6.4
Patches
Vulnerability mechanics
References
10- github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8nvdPatchThird Party AdvisoryWEB
- github.com/tensorflow/tensorflow/issues/43661nvdExploitIssue TrackingThird Party AdvisoryWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-8wwm-6264-x792nvdExploitPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-8wwm-6264-x792ghsaADVISORY
- github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.ccnvdThird Party AdvisoryWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.6.4nvdRelease NotesThird Party AdvisoryWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.7.2nvdRelease NotesThird Party AdvisoryWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.8.1nvdRelease NotesThird Party AdvisoryWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.9.0nvdRelease NotesThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-29212ghsaADVISORY
News mentions
0No linked articles in our index yet.