AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-37681: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF i

highvulnerability

security

Source: NVD/CVE DatabaseAugust 12, 2021CVE-2021-37681

Summary

TensorFlow (an open source machine learning platform) has a vulnerability in its SVDF implementation (a neural network component) in TFLite (a lightweight version for mobile devices) where a null pointer error (attempting to use data that doesn't exist in memory) can occur. The bug happens because the `GetVariableInput` function can return a null pointer, but the code doesn't check for this before trying to use it as valid data.

Solution / Mitigation

The issue has been patched in GitHub commit 5b048e87e4e55990dae6b547add4dae59f4e1c76. The fix will be included in TensorFlow 2.6.0, and will also be backported (adapted for older versions) to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.

Vulnerability Details

CVSS Score

7.8(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availabilityintegrity

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-476

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37681

First tracked: February 15, 2026 at 08:39 PM

Classified by LLM (prompt v3) · confidence: 95%