AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-37665: TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation

highvulnerability

security

Source: NVD/CVE DatabaseAugust 12, 2021CVE-2021-37665

Summary

TensorFlow, an open source machine learning platform, has a vulnerability in its MKL implementation where incomplete validation of input tensor dimensions allows attackers to trigger undefined behavior (accessing invalid memory locations or reading data outside allocated memory bounds). Two operations, requantization and MklRequantizePerChannelOp, are affected by this flaw.

Solution / Mitigation

The issue was patched in GitHub commits 9e62869465573cb2d9b5053f1fa02a81fce21d69 and 203214568f5bc237603dbab6e1fd389f1572f5c9. The fix is included in TensorFlow 2.6.0 and was backported to versions 2.5.1, 2.4.3, and 2.3.4.

Vulnerability Details

CVSS Score

7.8(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

confidentialityintegrity

Taxonomy References

CWE (Weakness Type)

CWE-20

Affected Vendors

NVIDIA

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Same vendorNVD/CVE Database

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

First tracked: February 15, 2026 at 08:39 PM

Classified by LLM (prompt v3) · confidence: 95%