AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-29616: TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.

lowvulnerability

security

Source: NVD/CVE DatabaseMay 14, 2021CVE-2021-29616

Summary

TensorFlow, a machine learning platform, has a vulnerability where TrySimplify (a code optimization component) can crash by dereferencing a null pointer (trying to access memory that doesn't exist) when optimizing nodes with no inputs. This undefined behavior can cause the program to fail unexpectedly.

Solution / Mitigation

The fix will be included in TensorFlow 2.5.0. It will also be backported (applied to older versions) to TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which are still supported.

Vulnerability Details

CVSS Score

2.5(low)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-476 CWE-476

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29616

First tracked: February 15, 2026 at 08:39 PM

Classified by LLM (prompt v3) · confidence: 95%