AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-29539: TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(https://www.t

lowvulnerability

security

Source: NVD/CVE DatabaseMay 14, 2021CVE-2021-29539

Summary

TensorFlow (an open source machine learning platform) has a bug where calling a specific function with certain data types causes a segfault (crash where the program tries to access invalid memory). The function assumes the data will be simple scalars (single values), but fails when given more complex data types like `tf.resource` or `tf.variant`.

Solution / Mitigation

The issue is patched in commit 4f663d4b8f0bec1b48da6fa091a7d29609980fa4 and will be released in TensorFlow 2.5.0. TensorFlow nightly packages after this commit will also have the fix. As a workaround, users can prevent the segfault by inserting a filter for the `dtype` argument when using `tf.raw_ops.ImmutableConst`.

Vulnerability Details

CVSS Score

2.5(low)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationTrivial

Impact (CIA+S)

availability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-681

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29539

First tracked: February 15, 2026 at 08:38 PM

Classified by LLM (prompt v3) · confidence: 95%