PT-2021-23176 · Google · Tensorflow
Mihaimaruseac · Published 2021-11-05 · Updated 2024-03-06 · CVE-2021-41204
CVSS v4.0: 6.8 (Medium)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.7.0
TensorFlow versions 2.6.1 and earlier
TensorFlow versions 2.5.2 and earlier
TensorFlow versions 2.4.4 and earlier
Description
The issue occurs during TensorFlow's Grappler optimizer phase, where constant folding might attempt to deep copy a resource tensor. Resource tensors are supposed to remain unchanged, so this copy attempt results in a segfault.
Recommendations
For versions prior to 2.7.0, update to TensorFlow 2.7.0 to resolve the issue.
For versions 2.6.1 and earlier, update to TensorFlow 2.6.1 or a later version in the 2.6 series to resolve the issue.
For versions 2.5.2 and earlier, update to TensorFlow 2.5.2 or a later version in the 2.5 series to resolve the issue.
For versions 2.4.4 and earlier, update to TensorFlow 2.4.4 or a later version in the 2.4 series to resolve the issue.
Fix
Access of Uninitialized Pointer
Affected Products
Tensorflow