CVE-2021-29592

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier

Description The issue arises when the target shape of the Reshape operator is given by the elements of a 1-D tensor, allowing a null-buffer-backed tensor with a 1D shape to be passed. This occurs because the fix for the vulnerability missed this specific case. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 2.5.0, update to TensorFlow 2.5.0 or later. For versions 2.4.2 and earlier, cherrypick the commit on TensorFlow 2.4.2. For versions 2.3.3 and earlier, cherrypick the commit on TensorFlow 2.3.3. For versions 2.2.3 and earlier, cherrypick the commit on TensorFlow 2.2.3. For versions 2.1.4 and earlier, cherrypick the commit on TensorFlow 2.1.4. As a temporary workaround, consider restricting the use of the Reshape operator with 1-D tensor shapes until a patch is available.