PT-2022-16112 · Google · Tensorflow
Mihaimaruseac · Published 2022-02-04 · Updated 2024-03-06
CVE-2022-23595 · CVSS 3.x 6.5 (Medium) · Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
TensorFlow (pip packages `tensorflow`, `tensorflow-cpu`, `tensorflow-gpu`):
TensorFlow 2.7.0 (patched in 2.7.1)
TensorFlow 2.6.0 through 2.6.2 (patched in 2.6.3)
TensorFlow 2.5.2 and earlier (patched in 2.5.3)
Pre-release builds before 2.8.0 (patched in 2.8.0)
Description:
When TensorFlow builds an XLA compilation cache with default settings, it dereferences a null pointer. In the default case all devices are allowed and no `ConfigProto` is attached to the function library runtime, so `flr->config_proto` is `nullptr`; the cache-building code in `tensorflow/compiler/jit/xla_platform_info.cc` nevertheless reads `gpu_options` and `visible_device_list` through that pointer without first checking it for null. The result is a crash of the hosting process, i.e. a denial of service (the CVSS vector scores only availability, A:H), reachable by anyone who can get an XLA-compiled function to run under the default configuration.
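The pattern behind the bug, reduced to the fields involved, as an added illustration rather than TensorFlow's own code. The structs `GPUOptions`, `ConfigProto` and `FunctionLibraryRuntime` below are hypothetical stand-ins for the TensorFlow types of the same names; `ParseVisibleDeviceList` is a minimal parser written for this example. `AllowedGpusVulnerable` has the shape that crashes when no `ConfigProto` is present, and `AllowedGpusFixed` shows the null check that treats a missing config as "all devices allowed":

```cpp
// Added illustration of the CVE-2022-23595 pattern. This is NOT TensorFlow's
// code: the structs below are hypothetical stand-ins for ConfigProto,
// GPUOptions and FunctionLibraryRuntime, reduced to the fields involved.
#include <iostream>
#include <optional>
#include <set>
#include <sstream>
#include <string>

struct GPUOptions {
  std::string visible_device_list;  // "0,2" -> only GPUs 0 and 2; "" -> all
};

struct ConfigProto {
  GPUOptions gpu_options;
};

// A runtime created without a session config has no ConfigProto at all:
// config_proto is legitimately nullptr on the default path.
struct FunctionLibraryRuntime {
  const ConfigProto* config_proto = nullptr;
};

// "0,2,3" -> {0,2,3}; an empty list means "no restriction" (nullopt).
std::optional<std::set<int>> ParseVisibleDeviceList(const std::string& list) {
  if (list.empty()) return std::nullopt;
  std::set<int> ids;
  std::stringstream ss(list);
  std::string tok;
  while (std::getline(ss, tok, ',')) ids.insert(std::stoi(tok));
  return ids;
}

// Vulnerable shape: reads through config_proto unconditionally. When the
// runtime has no ConfigProto this is a null pointer dereference and the
// process crashes (the denial of service described above).
std::optional<std::set<int>> AllowedGpusVulnerable(
    const FunctionLibraryRuntime* flr) {
  return ParseVisibleDeviceList(
      flr->config_proto->gpu_options.visible_device_list);
}

// Hardened shape: a missing ConfigProto means "default settings", i.e. every
// device is allowed, so return nullopt instead of dereferencing.
std::optional<std::set<int>> AllowedGpusFixed(
    const FunctionLibraryRuntime* flr) {
  if (flr->config_proto == nullptr) return std::nullopt;
  return ParseVisibleDeviceList(
      flr->config_proto->gpu_options.visible_device_list);
}

// Helpers that exercise both shapes on constructed inputs.
bool FixedTreatsMissingConfigAsAllDevices() {
  FunctionLibraryRuntime flr;  // config_proto stays nullptr
  return !AllowedGpusFixed(&flr).has_value();
}

std::set<int> FixedParsesList(const std::string& list) {
  ConfigProto cfg;
  cfg.gpu_options.visible_device_list = list;
  FunctionLibraryRuntime flr{&cfg};
  return AllowedGpusFixed(&flr).value_or(std::set<int>{});
}

// With a ConfigProto present the fix must not change behaviour.
bool SameResultWhenConfigPresent(const std::string& list) {
  ConfigProto cfg;
  cfg.gpu_options.visible_device_list = list;
  FunctionLibraryRuntime flr{&cfg};
  return AllowedGpusVulnerable(&flr) == AllowedGpusFixed(&flr);
}

int main() {
  std::cout << "missing config -> all devices: "
            << (FixedTreatsMissingConfigAsAllDevices() ? "yes" : "no") << '\n';
  std::cout << "visible_device_list \"0,2\" -> "
            << FixedParsesList("0,2").size() << " devices\n";
  // Calling AllowedGpusVulnerable on a runtime with a null config_proto
  // would crash here; that is the bug, so it is deliberately not executed.
  return 0;
}
```

The check is the whole fix: the absence of a `ConfigProto` is a valid state, not an error, so the hardened path maps it onto the same "no restriction" result an empty `visible_device_list` produces, and the two implementations agree whenever a config is present.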
Recommendations:
Update to TensorFlow 2.8.0 or later.
If you must stay on an older release line, update to 2.7.1, 2.6.3 or 2.5.3 respectively; these carry the backported fix (commit e21af685e1828f7ca65038307df5cc06de4479e8).
The upstream advisory does not describe a configuration-level workaround; the remedy is to run a release that contains the null check.
Weakness Enumeration: NULL Pointer Dereference (CWE-476)
References (12):
- https://github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/compiler/jit/xla_platform_info.cc#L43-L104 · Exploit (vulnerable code)
- https://github.com/tensorflow/tensorflow/commit/e21af685e1828f7ca65038307df5cc06de4479e8 · Patch
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx · Patch
- https://osv.dev/vulnerability/PYSEC-2022-103 · Vendor Advisory
- https://osv.dev/vulnerability/PYSEC-2022-158 · Vendor Advisory
- https://osv.dev/vulnerability/BIT-tensorflow-2022-23595 · Vendor Advisory
- https://osv.dev/vulnerability/CVE-2022-23595 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-23595 · Security Note
- https://osv.dev/vulnerability/GHSA-fpcp-9h7m-ffpx · Vendor Advisory
- https://github.com/tensorflow/tensorflow · Note
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-103.yaml · Note
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-158.yaml · Note