CVE-2021-41226

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier

Description The implementation of SparseBinCount is vulnerable to a heap out-of-bounds (OOB) access due to missing validation between the elements of the values argument and the shape of the sparse output. This issue can be exploited using the tf.raw ops.SparseBincount function with specifically crafted indices, values, dense shape, size, and weights parameters. The vulnerability is caused by a lack of validation in the for loop that iterates over the indices mat dimension, allowing an attacker to access memory outside the bounds of the out array.

Recommendations For versions prior to 2.7.0, update to TensorFlow 2.7.0 or later. For versions 2.6.1 and earlier, update to TensorFlow 2.6.1 or later. For versions 2.5.2 and earlier, update to TensorFlow 2.5.2 or later. For versions 2.4.4 and earlier, update to TensorFlow 2.4.4 or later. As a temporary workaround, consider disabling the use of tf.raw ops.SparseBincount until a patch is available. Restrict access to the SparseBinCount function to minimize the risk of exploitation. Avoid using the values argument with unvalidated input in the affected API endpoint until the issue is resolved.