PT-2021-23198 · Google · Tensorflow
Qian Feng · Published 2021-11-05 · Updated 2024-03-06 · CVE-2021-41225
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.7.0
TensorFlow version 2.6.1
TensorFlow version 2.5.2
TensorFlow version 2.4.4
Description
TensorFlow's Grappler optimizer has a use of an uninitialized variable. If the train nodes vector does not contain a Dequeue node, then dequeue node is left uninitialized.
Recommendations
For TensorFlow versions prior to 2.7.0, update to version 2.7.0 or later.
For TensorFlow version 2.6.1, update to a version that includes the cherry-picked commit.
For TensorFlow version 2.5.2, update to a version that includes the cherry-picked commit.
For TensorFlow version 2.4.4, update to a version that includes the cherry-picked commit.
As a temporary workaround, consider disabling the Grappler optimizer until a patch is available.
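The defect class from the description, as an added C++ illustration that is not TensorFlow source: a pointer assigned only inside a search loop stays indeterminate when no Dequeue node is present. `Node`, `FindDequeueName`, the sample graphs and the substring match on the op name are all assumptions made for this sketch.

```cpp
#include <string>
#include <vector>

// Hypothetical stand-in for a graph node; not the TensorFlow NodeDef type.
struct Node {
  std::string name;
  std::string op;
};

#ifdef SHOW_FLAWED_PATTERN
// Flawed shape (compiled out by default): 'dequeue' is written only when a
// match is found, so a graph without a Dequeue node leaves it indeterminate
// and the dereference is undefined behaviour.
std::string FindDequeueNameFlawed(const std::vector<Node>& train_nodes) {
  const Node* dequeue;  // never initialized
  for (const Node& n : train_nodes) {
    if (n.op.find("Dequeue") != std::string::npos) { dequeue = &n; break; }
  }
  return dequeue->name;
}
#endif

// Hardened shape: initialize to nullptr and reject the graph when nothing
// matched. '*out' is written only on success.
bool FindDequeueName(const std::vector<Node>& train_nodes, std::string* out) {
  const Node* dequeue = nullptr;
  for (const Node& n : train_nodes) {
    if (n.op.find("Dequeue") != std::string::npos) { dequeue = &n; break; }
  }
  if (dequeue == nullptr) return false;  // caller reports an error instead
  *out = dequeue->name;
  return true;
}

// Constructed sample inputs (not taken from a real saved model).
std::vector<Node> SampleWithDequeue() {
  return {{"queue", "FIFOQueue"}, {"dequeue_op", "QueueDequeue"}, {"train", "ApplyGradientDescent"}};
}
std::vector<Node> SampleWithoutDequeue() {
  return {{"x", "Placeholder"}, {"train", "ApplyGradientDescent"}};
}

int main() {
  std::string name;
  bool found = FindDequeueName(SampleWithDequeue(), &name);
  bool missing = !FindDequeueName(SampleWithoutDequeue(), &name);
  return (found && missing) ? 0 : 1;
}
```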
Exploit
Fix
Use of Uninitialized Resource
Weakness Enumeration
Related Identifiers
Affected Products
Tensorflow