AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-29576: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPool3DGradGr

lowvulnerability

security

Source: NVD/CVE DatabaseMay 14, 2021CVE-2021-29576

Summary

TensorFlow, an open source platform for machine learning, has a vulnerability in a specific function called `tf.raw_ops.MaxPool3DGradGrad` that can cause a heap buffer overflow (a type of memory corruption where data overflows into adjacent memory). The problem occurs because the code doesn't properly check whether initialization completes successfully, leaving data in an invalid state.

Solution / Mitigation

The fix will be included in TensorFlow 2.5.0. The vulnerability is also being patched in earlier versions: TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

Vulnerability Details

CVSS Score

2.5(low)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availabilityintegrity

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-119 CWE-787

CAPEC (Attack Pattern)

CAPEC-100

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29576

First tracked: February 15, 2026 at 08:39 PM

Classified by LLM (prompt v3) · confidence: 95%