CVE-2021-37654: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a cr
Summary
TensorFlow (an open source platform for machine learning) has a vulnerability in the `tf.raw_ops.ResourceGather` function that allows attackers to crash the software or read data from memory they shouldn't access by supplying an invalid `batch_dims` parameter (a dimension value that exceeds the tensor's rank, which is the number of dimensions in a data structure). The bug occurs because the code doesn't validate that the user's input is within acceptable bounds before using it.
Solution / Mitigation
The issue was patched in GitHub commit bc9c546ce7015c57c2f15c168b3d9201de679a1d. The fix is included in TensorFlow 2.6.0 and was also applied to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
Vulnerability Details
7.3(high)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37654
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%