PT-2021-18266 · Google · Tensorflow
Yakun Zhang +1 · Published 2021-05-14 · Updated 2024-03-06 · CVE-2021-29515
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
TensorFlow versions prior to 2.5.0
TensorFlow versions 2.4.2 and earlier
TensorFlow versions 2.3.3 and earlier
TensorFlow versions 2.2.3 and earlier
TensorFlow versions 2.1.4 and earlier
Description:
The implementation of MatrixDiag* operations does not validate that the tensor arguments are non-empty. This can lead to null pointer dereferences if any of the tensors are null. The issue can be triggered by passing empty tensors to the tf.raw_ops.MatrixDiagV2 or tf.raw_ops.MatrixDiagV3 operations.
Recommendations:
For TensorFlow versions prior to 2.5.0, update to version 2.5.0 or later.
For TensorFlow versions 2.4.2 and earlier, update to version 2.4.2 or later.
For TensorFlow versions 2.3.3 and earlier, update to version 2.3.3 or later.
For TensorFlow versions 2.2.3 and earlier, update to version 2.2.3 or later.
For TensorFlow versions 2.1.4 and earlier, update to version 2.1.4 or later.
As a temporary workaround, consider validating the tensor arguments before passing them to the MatrixDiag* operations to prevent null pointer dereferences.
Exploit
Fix
NULL Pointer Dereference
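One way to apply the temporary workaround from the recommendations above, as an added example that is not TensorFlow's own code or its fix: a guard that rejects empty tensor arguments before they reach tf.raw_ops.MatrixDiagV3. The names `num_elements`, `validate_matrix_diag_args` and `safe_matrix_diag_v3` are hypothetical, and the guard assumes each argument is a tensor-like object with a `.shape`, a nested list, or a Python scalar.

```python
import math

# Tensor-valued inputs of tf.raw_ops.MatrixDiagV3 (align is a string attribute).
TENSOR_ARGS = ("diagonal", "k", "num_rows", "num_cols", "padding_value")


def num_elements(value):
    """Element count of a tensor-like object (.shape), nested list, or scalar."""
    shape = getattr(value, "shape", None)
    if shape is not None:
        dims = list(shape)
        if any(d is None for d in dims):
            raise ValueError("shape has an unknown dimension; cannot prove non-empty")
        return math.prod(int(d) for d in dims)  # () -> 1, (0,) -> 0, (2, 0) -> 0
    if isinstance(value, (list, tuple)):
        return sum(num_elements(v) for v in value)
    return 1  # plain Python scalar


def validate_matrix_diag_args(**args):
    """Raise ValueError if any tensor argument is missing, None, or empty."""
    bad = []
    for name in TENSOR_ARGS:
        value = args.get(name)
        if value is None or num_elements(value) == 0:
            bad.append(name)
    if bad:
        raise ValueError("empty or missing MatrixDiag argument(s): " + ", ".join(bad))
    return args


def safe_matrix_diag_v3(diagonal, k, num_rows, num_cols, padding_value,
                        align="RIGHT_LEFT"):
    """Hypothetical wrapper: validate first, then call the raw op."""
    checked = validate_matrix_diag_args(
        diagonal=diagonal, k=k, num_rows=num_rows,
        num_cols=num_cols, padding_value=padding_value)
    import tensorflow as tf  # imported lazily so the validator is usable alone
    return tf.raw_ops.MatrixDiagV3(align=align, **checked)
```

The check runs in Python before the op is dispatched, so an empty argument surfaces as a catchable ValueError instead of reaching the kernel.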
Weakness Enumeration
Related Identifiers
Affected Products
Tensorflow