CVE-2021-29518: TensorFlow is an end-to-end open source platform for machine learning. In eager mode (default in TF 2.0 and later), sess
Summary
TensorFlow has a vulnerability where eager mode (the default execution style in TensorFlow 2.0+) allows users to call raw operations that shouldn't work, causing a null pointer dereference (an error where the program tries to use an empty memory reference). The problem occurs because the code doesn't check whether the session state pointer is valid before using it, leading to undefined behavior (unpredictable outcomes).
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4 will also receive this fix through a cherrypick (backporting the security patch to older supported versions).
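The fixed releases listed above can be turned into a dependency check; the following is an added example, not code from TensorFlow or from this page. The function names, the requirements-style `==` pins and the sample lines are constructed for illustration, and treating the `tensorflow-cpu` and `tensorflow-gpu` packages like `tensorflow` is an assumption.

```python
import re

# Fixed releases per release line, from the Solution / Mitigation text above.
BACKPORTS = {(2, 1): 4, (2, 2): 3, (2, 3): 3, (2, 4): 2}
FIRST_FIXED_LINE = (2, 5)  # 2.5.0 and every later release line

# Assumption: the -cpu / -gpu packages are affected like "tensorflow".
PIN = re.compile(r"^(tensorflow(?:-cpu|-gpu)?)\s*==\s*([^\s;#]+)", re.I)
PLAIN = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def classify(version):
    """Return 'fixed', 'vulnerable', 'no-backport-listed' or 'review'."""
    m = PLAIN.match(version.strip())
    if not m:                      # rc/dev/local builds: check by hand
        return "review"
    major, minor, patch = (int(g) for g in m.groups())
    if (major, minor) >= FIRST_FIXED_LINE:
        return "fixed"
    needed = BACKPORTS.get((major, minor))
    if needed is None:             # older line with no fix named on the page
        return "no-backport-listed"
    return "fixed" if patch >= needed else "vulnerable"


def audit(requirement_lines):
    """Map each pinned TensorFlow requirement to its status."""
    findings = {}
    for raw in requirement_lines:
        m = PIN.match(raw.strip())
        if m:
            pin = f"{m.group(1).lower()}=={m.group(2)}"
            findings[pin] = classify(m.group(2))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = [
    "numpy==1.19.5",
    "tensorflow==2.4.1",
    "tensorflow-gpu==2.3.3  # pinned for CUDA 10.1",
    "tensorflow==2.5.0rc1",
    "tensorflow-cpu==2.0.4",
]

if __name__ == "__main__":
    for pin, status in audit(SAMPLE).items():
        print(f"{status:20} {pin}")
```

Pins reported as `review` or `no-backport-listed` are not covered by the version list above and need a manual decision.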
Vulnerability Details
2.5 (low)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29518
First tracked: February 15, 2026 at 08:38 PM