AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-37648: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.Sav

highvulnerability

security

Source: NVD/CVE DatabaseAugust 12, 2021CVE-2021-37648

Summary

TensorFlow, a machine learning platform, has a vulnerability in its `SaveV2` function where input validation fails to properly stop execution, allowing an attacker to trigger a null pointer dereference (a crash caused by accessing invalid memory). The validation check uses a method that only sets an error status but doesn't actually stop the function, so harmful operations continue anyway.

Solution / Mitigation

The issue was patched in GitHub commit 9728c60e136912a12d99ca56e106b7cce7af5986. The fix is included in TensorFlow 2.6.0 and will also be backported (applied to older versions) in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.

Vulnerability Details

CVSS Score

7.8(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

Taxonomy References

CWE (Weakness Type)

CWE-476

Affected Vendors

Google

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:39 PM

Classified by LLM (prompt v3) · confidence: 95%