AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-41220: TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `Collective

highvulnerability

security

Source: NVD/CVE DatabaseNovember 5, 2021CVE-2021-41220

Summary

TensorFlow, an open source platform for machine learning, had a memory leak and use-after-free bug (a mistake where the program tries to access data after it has already been deleted) in its `CollectiveReduceV2` function due to improper handling of asynchronous operations. The vulnerability was caused by objects being moved from memory while still being accessed elsewhere in the code.

Solution / Mitigation

The fix is included in TensorFlow 2.7.0, and the patch was also backported to TensorFlow 2.6.1, which was the only other affected version.

Vulnerability Details

CVSS Score

7.8(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-416

CAPEC (Attack Pattern)

CAPEC-233

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41220

First tracked: February 15, 2026 at 08:40 PM

Classified by LLM (prompt v3) · confidence: 92%