CVE-2021-29579: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGrad` is
low
vulnerability
security
Summary
TensorFlow, an open source machine learning platform, has a heap buffer overflow (a bug where a program writes data beyond the memory it's allowed to use) in its `tf.raw_ops.MaxPoolGrad` function. The vulnerability occurs because the code doesn't properly check that array indices are valid before accessing data, which could allow attackers to read or corrupt memory.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. Additionally, the fix will be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
Vulnerability Details
CVSS Score
2.5 (low)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Sophistication: Moderate
Impact (CIA+S)
integrity, availability
AI Component Targeted: Framework
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29579
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%