PT-2021-21770 · Google · Tensorflow
Mihaimaruseac · Published 2021-08-12 · Updated 2024-03-06 · CVE-2021-37654
CVSS v3.1: 7.3 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.6.0
TensorFlow versions 2.5.1 and earlier
TensorFlow versions 2.4.3 and earlier
TensorFlow versions 2.3.4 and earlier
Description
An attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.raw_ops.ResourceGather, or a read from outside the bounds of heap-allocated data in the same API in a release build. The implementation does not check that the batch_dims value the user supplies is less than the rank of the input tensor, so the kernel reads data from outside the bounds of the heap-allocated buffer backing the tensor.
Recommendations
For versions prior to 2.6.0, update to TensorFlow 2.6.0 or later.
For versions 2.5.1 and earlier, update to TensorFlow 2.5.1 or later.
For versions 2.4.3 and earlier, update to TensorFlow 2.4.3 or later.
For versions 2.3.4 and earlier, update to TensorFlow 2.3.4 or later.
As a temporary workaround, consider restricting the use of tf.raw_ops.ResourceGather until a patch is available.
Avoid using the batch_dims parameter with values that are not less than the rank of the input tensor in the affected API endpoint until the issue is resolved.
Fix
Weakness Enumeration
Out of bounds Read
Related Identifiers
Affected Products
Tensorflow