CVE-2021-37648: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.Sav
Summary
TensorFlow, a machine learning platform, has a vulnerability in its `SaveV2` function: input validation does not stop execution when it fails, which allows an attacker to trigger a null pointer dereference (a crash caused by accessing invalid memory). The validation check uses a method that only sets an error status and does not stop the function, so the function keeps running on the invalid input.
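The pattern described above, as an added example that is not TensorFlow's code or the project's patch: a validation helper records an error and returns, and the caller either ignores or checks that status. `Context`, `Inputs`, `ValidateInputs`, `FlawedWouldCrash` and `SaveHardened` are hypothetical names, and the sample inputs are constructed.

```cpp
#include <string>
#include <vector>

// Hypothetical stand-in for a kernel context: it only records an error status.
struct Context {
  bool ok = true;
  std::string error;
  void SetError(const std::string& msg) { ok = false; error = msg; }
};

// Constructed input; a null `values` pointer models the invalid state.
struct Inputs {
  std::vector<std::string> names;
  const std::vector<int>* values = nullptr;
};

// Records the error and returns, but `return` only leaves this helper.
void ValidateInputs(Context* ctx, const Inputs& in) {
  if (in.values == nullptr) {
    ctx->SetError("values input is missing");
    return;
  }
  if (in.names.size() != in.values->size())
    ctx->SetError("names and values differ in length");
}

// Flawed shape: the status is ignored, so control reaches the use of
// `values`. The dereference is replaced by a null test so the demo does
// not crash; true means real code would have read through a null pointer.
bool FlawedWouldCrash(Context* ctx, const Inputs& in) {
  ValidateInputs(ctx, in);
  return in.values == nullptr;
}

// Hardened shape: stop as soon as the helper has recorded an error.
bool SaveHardened(Context* ctx, const Inputs& in, long* sum) {
  ValidateInputs(ctx, in);
  if (!ctx->ok) return false;  // the check the flawed caller lacks
  *sum = 0;
  for (int v : *in.values) *sum += v;
  return true;
}

int main() {
  Context a, b;
  Inputs bad;
  bad.names = {"w"};
  long sum = 0;
  bool crash = FlawedWouldCrash(&a, bad);
  bool saved = SaveHardened(&b, bad, &sum);
  return (crash && !a.ok && !saved) ? 0 : 1;
}
```

In the flawed caller the error status is set and the unsafe use is still reached, which is why a recorded error alone does not protect the code that follows.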
Solution / Mitigation
The issue was patched in GitHub commit 9728c60e136912a12d99ca56e106b7cce7af5986. The fix is included in TensorFlow 2.6.0 and will also be backported (applied to older versions) in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
Vulnerability Details
7.8 (high)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37648
First tracked: February 15, 2026 at 08:39 PM