CVE-2021-37689

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier

Description An attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis operator. The implementation unconditionally dereferences a pointer to an iterator to a vector without checking that the vector has elements.

Recommendations For versions prior to 2.6.0, update to TensorFlow 2.6.0 or later. For versions 2.5.1 and earlier, update to TensorFlow 2.5.1 or later, or apply the patch from GitHub commit d6b57f461b39fd1aa8c1b870f1b974aac3554955. For versions 2.4.3 and earlier, update to TensorFlow 2.4.3 or later, or apply the patch from GitHub commit d6b57f461b39fd1aa8c1b870f1b974aac3554955. For versions 2.3.4 and earlier, update to TensorFlow 2.3.4 or later, or apply the patch from GitHub commit d6b57f461b39fd1aa8c1b870f1b974aac3554955. As a temporary workaround, consider disabling the L2NormalizeReduceAxis operator until a patch is available.