CVE-2021-41219: TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplicati
Summary
TensorFlow, an open source platform for machine learning, has a vulnerability in its sparse matrix multiplication code: when a matrix dimension is 0 or less, the code exhibits undefined behavior (a crash or unpredictable results) because it tries to write through a nullptr, a pointer that refers to no memory. For invalid dimensions the code should create an empty output and never write to it; writing anyway causes a heap out-of-bounds (OOB) access, that is, a write outside the boundaries of allocated memory.
Solution / Mitigation
The fix will be included in TensorFlow 2.7.0. The patch will also be backported (applied to older versions) to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.
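To check pinned dependencies against the fixed releases listed above, the following added example (not code from TensorFlow or from this page's source) flags TensorFlow pins that lack the fix. It assumes that branches older than 2.4 received no backport, that branches after 2.7 carry the fix, and that a pre-release of a fixed version is unpatched; the requirements text is constructed sample input.

```python
import re

# First release carrying the fix on each branch, as listed in the text above.
FIXED = {(2, 4): 4, (2, 5): 2, (2, 6): 1, (2, 7): 0}
PACKAGES = {"tensorflow", "tensorflow-cpu", "tensorflow-gpu"}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")
_PIN = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([^\s;#]+)")


def has_fix(version):
    """True if patched for CVE-2021-41219, False if not, None if unparseable."""
    m = _VERSION.match(version.strip())
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    branch = (major, minor)
    if branch > max(FIXED):
        return True   # assumption: branches after 2.7 inherit the fix
    if branch not in FIXED:
        return False  # assumption: no backport exists for older branches
    # Assumption: an rc/alpha/beta/dev build of the fixed release is unpatched.
    prerelease = bool(re.match(r"^[-.]?(rc|a|b|dev)", m.group(4)))
    if patch == FIXED[branch] and prerelease:
        return False
    return patch >= FIXED[branch]


def audit_requirements(text):
    """Return [(package, version, has_fix)] for every pinned TensorFlow line."""
    findings = []
    for line in text.splitlines():
        m = _PIN.match(line)
        if m and m.group(1).lower().replace("_", "-") in PACKAGES:
            findings.append((m.group(1), m.group(2), has_fix(m.group(2))))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = """\
numpy==1.19.5
tensorflow==2.6.0
tensorflow-cpu==2.5.2  # backported fix
tensorflow-gpu==2.3.4
"""

if __name__ == "__main__":
    for name, version, fixed in audit_requirements(SAMPLE):
        print(f"{name}=={version}: {'fixed' if fixed else 'NOT fixed or unknown'}")
```

A result of `None` means the version string could not be parsed and needs manual review; unpinned or range-pinned requirements are not evaluated.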
Vulnerability Details
7.8 (high)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41219
First tracked: February 15, 2026 at 08:40 PM