CVE-2021-41219

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier

Description The code for sparse matrix multiplication in TensorFlow is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In such cases, an empty output tensor should be allocated, but nothing should be written to it to avoid heap OOB access. The issue is triggered when using the tf.raw ops.SparseMatMul operation with specific input parameters, such as a or b having dimensions of 0 or less.

Recommendations For versions prior to 2.7.0, update to TensorFlow 2.7.0 or later to resolve the issue. For versions 2.6.1 and earlier, update to TensorFlow 2.6.1 or later to resolve the issue. For versions 2.5.2 and earlier, update to TensorFlow 2.5.2 or later to resolve the issue. For versions 2.4.4 and earlier, update to TensorFlow 2.4.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of tf.raw ops.SparseMatMul with input parameters that may trigger the vulnerability, such as a or b having dimensions of 0 or less.