AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-29583: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FusedBatchNorm`

lowvulnerability

security

Source: NVD/CVE DatabaseMay 14, 2021CVE-2021-29583

Summary

TensorFlow's `tf.raw_ops.FusedBatchNorm` function has a vulnerability where it doesn't properly check that certain input values (scale, offset, mean, and variance) match the size of the data being processed, which can cause a heap buffer overflow (reading data beyond allocated memory boundaries) or crash the program by accessing null pointers if empty tensors are provided.

Solution / Mitigation

The fix will be included in TensorFlow 2.5.0 and will also be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

Vulnerability Details

CVSS Score

2.5(low)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-476 CWE-125 CWE-476

CAPEC (Attack Pattern)

CAPEC-540

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29583

First tracked: February 15, 2026 at 08:39 PM

Classified by LLM (prompt v3) · confidence: 95%