CVE-2021-37658

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier

Description An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.raw ops.MatrixSetDiagV*. The implementation has incomplete validation that the value of k is a valid tensor. We have a check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong.

Recommendations For versions prior to 2.6.0, update to TensorFlow 2.6.0 or later. For versions 2.5.1 and earlier, update to TensorFlow 2.5.1 or later, or apply the patch from GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b. For versions 2.4.3 and earlier, update to TensorFlow 2.4.3 or later, or apply the patch from GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b. For versions 2.3.4 and earlier, update to TensorFlow 2.3.4 or later, or apply the patch from GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b. As a temporary workaround, consider validating the value of k to ensure it is a valid tensor before using it in operations of type tf.raw ops.MatrixSetDiagV*.