AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-29516: TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.RaggedTensorToVariant` with a

lowvulnerability

security

Source: NVD/CVE DatabaseMay 14, 2021CVE-2021-29516

Summary

TensorFlow, a machine learning platform, has a vulnerability in the `RaggedTensorToVariant` function where passing invalid ragged tensors (data structures for irregular-shaped arrays) causes a null pointer dereference (accessing memory that hasn't been set, crashing the program). The function doesn't check whether the ragged tensor is empty before trying to use it.

Solution / Mitigation

The fix will be included in TensorFlow 2.5.0. It will also be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

Vulnerability Details

CVSS Score

2.5(low)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-476

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29516

First tracked: February 15, 2026 at 08:38 PM

Classified by LLM (prompt v3) · confidence: 95%