CVE-2021-29547: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of se
Summary
TensorFlow, an open source machine learning platform, has a vulnerability in a specific operation called `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization` that allows attackers to crash the system by accessing memory outside intended bounds. The bug occurs when the operation receives empty inputs, causing it to try to read from an invalid memory location.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. Additionally, the fix will be backported (applied to older versions) in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
Vulnerability Details
2.5(low)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29547
First tracked: February 15, 2026 at 08:38 PM
Classified by LLM (prompt v3) · confidence: 95%