CVE-2021-29518: NULL Pointer Dereference in Tensorflow

Severity
7.8 HIGH (NVD)
CNA: 2.5
EPSS
0.0% (top 99.17%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 14
Latest update: May 21

Description

TensorFlow is an end-to-end open source platform for machine learning. In eager mode (default in TF 2.0 and later), session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/eebb96c2830d48597d055d247c0e9aebaea94cd5/tensorflow/core/kernels/session_ops.cc#L104) dereferences the session state pointer without checking if it is valid. Thus, in eager mode, `ct

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

NVD  google/tensorflow  2.2.0  2.2.3  +3
CVEListV5  tensorflow/tensorflow  < 2.1.4  +3
PyPI  intel/optimization_for_tensorflow  2.2.0  2.2.3  +4

Vulnerability Details (4)

OSV: Session operations in eager mode lead to null pointer dereferences (2021-05-21)
GHSA: Session operations in eager mode lead to null pointer dereferences (2021-05-21)
OSV: CVE-2021-29518: TensorFlow is an end-to-end open source platform for machine learning (2021-05-14)
CVEList: Session operations in eager mode lead to null pointer dereferences (2021-05-14)

Vendor Advisories (1)

Debian: CVE-2021-29518: tensorflow - TensorFlow is an end-to-end open source platform for machine learning. In eager ... (2021)