AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-29515: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `MatrixDiag*` operations(ht

lowvulnerability

security

Source: NVD/CVE DatabaseMay 14, 2021CVE-2021-29515

Summary

TensorFlow (an open-source machine learning platform) has a vulnerability in its `MatrixDiag*` operations (functions that create diagonal matrices from tensor data) because the code doesn't check whether the input tensors are empty, which could cause the program to crash or behave unexpectedly. This bug affects multiple versions of TensorFlow.

Solution / Mitigation

The fix will be included in TensorFlow 2.5.0. It will also be backported (added to earlier versions still being supported) in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

Vulnerability Details

CVSS Score

2.5(low)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availabilityintegrity

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-476

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29515

First tracked: February 15, 2026 at 08:38 PM

Classified by LLM (prompt v3) · confidence: 92%