AI Threat Alert
Training Data
Training data is both the model's most valuable input and its most underprotected one. Three problem classes dominate. First, poisoning: an attacker who can influence a public dataset, a web crawl, or a fine-tuning corpus can plant backdoors or biases that survive into the deployed model — BadNets-style attacks on image classifiers, trigger-phrase attacks on LLMs, and reward-hacking on RLHF datasets. Second, memorization and leakage: models can regurgitate verbatim training data, exposing PII and copyrighted content; this has driven the active New York Times v. OpenAI litigation and is a recurring GDPR concern. Third, provenance: when training data origins are unclear, downstream users inherit legal and security risk they can't assess. EU AI Act Article 10 (Data Governance) and ISO 42001 Annex A treat training-data quality as a controlled asset. Defenses: data lineage tracking, deduplication, PII scrubbing before training, and adversarial training against known trigger families.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2021-37674 | TensorFlow: DoS via MaxPoolGrad invalid tensor input | tensorflow | 5.5 |
| HIGH | CVE-2021-37679 | TensorFlow: heap over-read leaks memory via RaggedTensor | tensorflow | 7.8 |
| MEDIUM | CVE-2021-37690 | TensorFlow: use-after-free crashes training processes | tensorflow | 6.6 |
| MEDIUM | CVE-2021-41198 | TensorFlow: tf.tile integer overflow crashes ML process | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41200 | TensorFlow: DoS crash in tf.summary file writer | tensorflow | 5.5 |
| HIGH | CVE-2021-41210 | TensorFlow: heap OOB read in SparseCountSparseOutput | tensorflow | 7.1 |
| HIGH | CVE-2021-41203 | TensorFlow: malformed checkpoint triggers overflow/crash | tensorflow | 7.8 |
| HIGH | CVE-2021-41205 | TensorFlow: heap OOB read in quantize ops, DoS+leak | tensorflow | 7.1 |
| HIGH | CVE-2021-41211 | TensorFlow: heap OOB read in QuantizeV2 shape inference | tensorflow | 7.1 |
| HIGH | CVE-2021-41212 | TensorFlow: heap OOB read in ragged.cross shape inference | tensorflow | 7.1 |
| HIGH | CVE-2021-41219 | TensorFlow: heap OOB in sparse matrix multiply | tensorflow | 7.8 |
| HIGH | CVE-2021-41223 | TensorFlow: FusedBatchNorm heap OOB allows data leak/crash | tensorflow | 7.1 |
| HIGH | CVE-2021-41224 | TensorFlow: heap OOB read in SparseFillEmptyRows op | tensorflow | 7.1 |
| HIGH | CVE-2021-41226 | TensorFlow: heap OOB in SparseBinCount, crash/disclosure | tensorflow | 7.1 |
| MEDIUM | CVE-2021-41202 | TensorFlow tf.range: integer overflow in kernel causes DoS | tensorflow | 5.5 |
| HIGH | CVE-2021-41208 | TensorFlow: heap R/W + DoS in boosted trees APIs | tensorflow | 7.8 |
| MEDIUM | CVE-2021-41218 | TensorFlow: AllToAll DoS via divide-by-zero crash | tensorflow | 5.5 |
| HIGH | CVE-2021-41220 | TensorFlow: use-after-free in async collective ops | tensorflow | 7.8 |
| HIGH | CVE-2021-41221 | TensorFlow: CuDNN heap overflow, local code execution | tensorflow | 7.8 |
| HIGH | CVE-2021-41225 | TensorFlow Grappler: uninitialized var, local priv-esc | tensorflow | 7.8 |