PT-2021-21754 · Google · Tensorflow

Mihaimaruseac · Published 2021-08-12 · Updated 2024-03-06 · CVE-2021-37639

CVSS v4.0: 8.6 (High)

Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.6.0
TensorFlow version 2.5.1
TensorFlow version 2.4.3
TensorFlow version 2.3.4

Description

The issue occurs when restoring tensors via raw APIs in TensorFlow. If the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap-allocated data by providing some tensor names but not enough for a successful restoration. The implementation retrieves the tensor list corresponding to the user-controlled tensor name input and immediately retrieves the tensor at the restoration index, controlled via the preferred shard argument, without validating that the provided list has enough values. This results in either dereferencing a null pointer or a heap out-of-bounds read.

Recommendations

For TensorFlow versions prior to 2.6.0, update to version 2.6.0 or later.
For TensorFlow version 2.5.1, apply the patch from GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622.
For TensorFlow version 2.4.3, apply the patch from GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622.
For TensorFlow version 2.3.4, apply the patch from GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622.
As a temporary workaround, consider validating the tensor name input and the preferred shard argument to prevent null pointer dereferences and heap out-of-bounds reads.
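
The validation described in the Description and Recommendations above, as an added example. It is a simplified model, not TensorFlow source code or the referenced patch. RestoreRequest, CheckRestoreRequest and SelectTensorName are hypothetical names, and rejecting negative indices is an assumption of this model.

```cpp
// Added illustration: a simplified model, not TensorFlow source code.
#include <cstddef>
#include <string>
#include <vector>

enum class RestoreCheck { kOk, kNoTensorNames, kIndexOutOfRange };

// Hypothetical request type: both fields come from the caller.
struct RestoreRequest {
  std::vector<std::string> tensor_names;  // may be empty or too short
  long restore_index;                     // position used to pick a name
};

// Validate before any element access. An empty list models the null
// pointer dereference case; a list shorter than the index models the
// heap out-of-bounds read case.
RestoreCheck CheckRestoreRequest(const RestoreRequest& req) {
  if (req.tensor_names.empty()) return RestoreCheck::kNoTensorNames;
  // Assumption of this model: negative indices are rejected outright.
  if (req.restore_index < 0 ||
      static_cast<std::size_t>(req.restore_index) >= req.tensor_names.size())
    return RestoreCheck::kIndexOutOfRange;
  return RestoreCheck::kOk;
}

// Unchecked pattern, shown only for contrast and never compiled in:
//   const std::string& name = req.tensor_names.data()[req.restore_index];

// Hardened lookup: writes the name to *out only after validation passes.
bool SelectTensorName(const RestoreRequest& req, std::string* out) {
  if (out == nullptr || CheckRestoreRequest(req) != RestoreCheck::kOk)
    return false;
  *out = req.tensor_names[static_cast<std::size_t>(req.restore_index)];
  return true;
}

int main() {
  // Constructed sample inputs.
  RestoreRequest ok{{"w", "b"}, 1};
  RestoreRequest empty{{}, 0};
  RestoreRequest short_list{{"w"}, 3};
  std::string name;
  bool pass = SelectTensorName(ok, &name) && name == "b" &&
              !SelectTensorName(empty, &name) &&
              !SelectTensorName(short_list, &name);
  return pass ? 0 : 1;
}
```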

Fix

Weakness Enumeration

Out of bounds Read
NULL Pointer Dereference

Related Identifiers

BIT-TENSORFLOW-2021-37639
CVE-2021-37639
GHSA-GH6X-4WHR-2QV4
OPENSUSE-SU-2022:10014-1
OPENSUSE-SU-2024:12116-1
PYSEC-2021-261
PYSEC-2021-552
PYSEC-2021-750

Affected Products

Tensorflow