AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-29592: TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209(https://cve.mitre.org/

mediumvulnerability

security

Source: NVD/CVE DatabaseMay 14, 2021CVE-2021-29592

Summary

A previous security fix for TensorFlow (a machine learning platform) didn't work properly when the Reshape operator (which changes a tensor's shape, or dimensions) received its target shape from a 1-D tensor (a single row of data). This incomplete fix accidentally allowed a problematic null-buffer-backed tensor (a data structure with no actual memory backing) to be used, creating a security weakness.

Solution / Mitigation

The fix will be included in TensorFlow 2.5.0 and will be backported (adapted for earlier versions) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

Vulnerability Details

CVSS Score

4.4(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-476 CWE-476

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29592

First tracked: February 15, 2026 at 08:39 PM

Classified by LLM (prompt v3) · confidence: 92%