Inference
Inference servers are the most actively-exploited component of the AI stack because they sit between the model and the public internet and they hold the GPU. The shape of the bugs is mostly web-app classes magnified by the cost of compute: missing auth on /v1 endpoints, SSRF that escapes the sandbox onto the platform's control plane, unsafe deserialization on model-loading paths, and path traversal in artifact-management endpoints. vLLM, Triton, TGI, BentoML, Ray Serve, and Ollama have each shipped multiple high-severity CVEs since 2023; CVE-2024-11041 in vLLM was a notable example combining prompt injection with code execution. Multi-tenant deployments are particularly exposed because a single bug typically crosses tenant boundaries. Defenses: aggressive patching, mandatory auth, network segmentation between inference and control plane, and per-tenant resource quotas to bound abuse.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2022-36005 | TensorFlow: DoS via CHECK fail in fake_quant gradient | tensorflow | 7.5 |
| HIGH | CVE-2022-36011 | TensorFlow: null deref DoS in MLIR function conversion | tensorflow | 7.5 |
| HIGH | CVE-2022-36012 | TensorFlow: DoS via empty MLIR function attributes | tensorflow | 7.5 |
| HIGH | CVE-2022-36013 | TensorFlow MLIR: null ptr deref crashes model serving | tensorflow | 7.5 |
| HIGH | CVE-2022-36014 | TensorFlow: null ptr dereference in MLIR causes remote DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-36015 | TensorFlow: integer overflow in RangeSize causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-36016 | TensorFlow: CHECK-fail assertion crashes model serving | tensorflow | 7.5 |
| HIGH | CVE-2022-36017 | TensorFlow: DoS via malformed Requantize tensors | tensorflow | 7.5 |
| HIGH | CVE-2022-41883 | TensorFlow: executor crash via malformed op inputs (DoS) | tensorflow | 7.5 |
| CRITICAL | CVE-2022-41880 | TensorFlow: heap OOB read in candidate sampler op | tensorflow | 9.1 |
| HIGH | CVE-2022-41884 | TensorFlow: DoS via malformed numpy array shape | tensorflow | 7.5 |
| HIGH | CVE-2022-41885 | TensorFlow: FusedResizeAndPadConv2D overflow causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-41886 | TensorFlow: integer overflow in image op causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-41887 | TensorFlow: int32 overflow crashes Poisson loss function | tensorflow | 7.5 |
| HIGH | CVE-2022-41888 | TensorFlow: GPU input validation DoS in bbox proposals | tensorflow | 7.5 |
| HIGH | CVE-2022-41889 | TensorFlow: NULL ptr deref DoS via quantized tensor input | tensorflow | 7.5 |
| HIGH | CVE-2022-41890 | TensorFlow: int32 overflow in BCast::ToShape causes DoS | tensorflow | 7.5 |
| HIGH | CVE-2022-41891 | TensorFlow: segfault DoS in TensorListConcat op | tensorflow | 7.5 |
| HIGH | CVE-2022-41893 | TensorFlow: DoS via TensorListResize malformed input | tensorflow | 7.5 |
| HIGH | CVE-2022-41894 | TensorFlow Lite: buffer overflow in CONV_3D_TRANSPOSE op | tensorflow | 8.1 |