PT-2021-23197 · Google · Tensorflow

Mihaimaruseac

·

Published

2021-11-05

·

Updated

2024-03-06

·

CVE-2021-41224

CVSS v3.1

7.1

High

Vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions TensorFlow 2.6.0 (the 2.6.x line before 2.6.1); TensorFlow 2.5.0 and 2.5.1 (the 2.5.x line before 2.5.2); TensorFlow versions prior to 2.4.4. All affected versions predate 2.7.0, the first main-line release to carry the fix.
Description The implementation of SparseFillEmptyRows can be made to trigger a heap out-of-bounds (OOB) access. The access occurs whenever the size of indices does not match the size of values: the kernel does not validate that the two arguments are consistent, so a mismatched pair supplied to the tf.raw_ops.SparseFillEmptyRows API endpoint reaches memory outside the intended buffer. A local attacker who can feed such inputs to the op (for example by controlling a graph or the tensors fed into it) can crash the process or read data out of bounds, which is what the CVSS vector's high confidentiality and availability impact reflects.
Recommendations Update to a release that contains the fix: TensorFlow 2.7.0 or later; on the 2.6.x line, 2.6.1 or later; on the 2.5.x line, 2.5.2 or later; on the 2.4.x line, 2.4.4 or later. As a temporary workaround, validate that indices and values have matching sizes (indices of shape [N, R] with exactly N values, and a dense_shape of length R) before calling tf.raw_ops.SparseFillEmptyRows, and reject any input that fails the check. This only protects call sites you control, so it is a stopgap rather than a substitute for upgrading.
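The pre-call validation suggested as a workaround above, as an added example that is not part of this advisory and not TensorFlow's own code: a pure-Python shape check that enforces the SparseTensor layout SparseFillEmptyRows expects (indices [N, R], values [N], dense_shape [R]) and refuses the mismatched-size inputs the advisory describes, plus a thin wrapper that imports TensorFlow lazily and calls tf.raw_ops.SparseFillEmptyRows only once the check has passed. The function names are hypothetical and the sample inputs are constructed; the wrapper assumes TensorFlow is installed only at the point it is actually called.

```python
"""Pre-call validation for tf.raw_ops.SparseFillEmptyRows (CVE-2021-41224).

Added example, not code from the advisory or from TensorFlow. It implements
the "validate indices and values before calling" workaround in pure Python so
it runs without TensorFlow installed; only the wrapper at the bottom imports
TensorFlow, and it does so lazily.
"""
from typing import Tuple


def _shape_of(x) -> Tuple[int, ...]:
    """Return the shape of a tensor-like object as a tuple of ints.

    Anything with a `.shape` attribute (numpy arrays, tf.Tensor) is used as
    is; plain nested Python lists are walked along their first element so
    the constructed sample inputs below work offline.
    """
    shape = getattr(x, "shape", None)
    if shape is not None:
        return tuple(int(d) for d in shape)
    dims = []
    cur = x
    while isinstance(cur, (list, tuple)):
        dims.append(len(cur))
        if not cur:
            break
        cur = cur[0]
    return tuple(dims)


def validate_sparse_fill_empty_rows_args(indices, values, dense_shape) -> Tuple[int, int]:
    """Enforce the SparseTensor layout SparseFillEmptyRows expects.

        indices      [N, R]  one row of R coordinates per stored element
        values       [N]     one value per row of `indices`
        dense_shape  [R]     size of each dense dimension

    The advisory states that unpatched kernels perform a heap out-of-bounds
    access whenever the sizes of `indices` and `values` disagree, so the
    N == len(values) check is the one that matters for CVE-2021-41224; the
    rank and R checks reject other malformed inputs the op would otherwise
    have to diagnose itself. Returns (N, R) on success, raises ValueError
    otherwise.
    """
    ishape = _shape_of(indices)
    vshape = _shape_of(values)
    dshape = _shape_of(dense_shape)
    if len(ishape) != 2:
        raise ValueError(f"indices must be rank 2 [N, R], got shape {ishape}")
    if len(vshape) != 1:
        raise ValueError(f"values must be rank 1 [N], got shape {vshape}")
    if len(dshape) != 1:
        raise ValueError(f"dense_shape must be rank 1 [R], got shape {dshape}")
    n, r = ishape
    if vshape[0] != n:
        raise ValueError(
            f"values has {vshape[0]} elements but indices has {n} rows: "
            "mismatched sizes trigger the CVE-2021-41224 heap OOB on unpatched TensorFlow"
        )
    if dshape[0] != r:
        raise ValueError(
            f"dense_shape has {dshape[0]} entries but each index row has {r} coordinates"
        )
    return n, r


def is_consistent(indices, values, dense_shape) -> bool:
    """Boolean form of the check, convenient for guards and tests."""
    try:
        validate_sparse_fill_empty_rows_args(indices, values, dense_shape)
        return True
    except ValueError:
        return False


def safe_sparse_fill_empty_rows(indices, values, dense_shape, default_value):
    """Validate first, then call the raw op (hypothetical wrapper name).

    TensorFlow is imported here rather than at module level so the checks
    above stay usable on hosts without it.
    """
    validate_sparse_fill_empty_rows_args(indices, values, dense_shape)
    import tensorflow as tf  # assumed installed at call time
    return tf.raw_ops.SparseFillEmptyRows(
        indices=indices, values=values, dense_shape=dense_shape, default_value=default_value
    )


if __name__ == "__main__":
    # Constructed sample inputs. Well-formed: 2 stored elements in a 3x3 dense tensor.
    good = ([[0, 0], [2, 1]], [5, 7], [3, 3])
    print("well-formed ->", validate_sparse_fill_empty_rows_args(*good))
    # Mismatched: one index row but two values, the shape the advisory warns about.
    bad = ([[0, 0]], [5, 7], [3, 3])
    print("mismatched ->", is_consistent(*bad))
```

Run the module directly to see the well-formed input accepted and the mismatched one rejected; in a real pipeline, call `safe_sparse_fill_empty_rows` in place of the raw op wherever the tensors come from an untrusted source. The check lives at the call site only: inputs that reach the op through another path (a loaded SavedModel, a graph built elsewhere) are not covered, which is why the advisory treats this as a temporary measure.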

Weakness Enumeration

Out of bounds Read (CWE-125)

Related Identifiers

BIT-TENSORFLOW-2021-41224
CVE-2021-41224
GHSA-RG3M-HQC5-344V
OPENSUSE-SU-2024:12116-1
PYSEC-2021-416
PYSEC-2021-633
PYSEC-2021-831

Affected Products

Tensorflow