CVE-2021-29565
published 2021-05-14CVE-2021-29565: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of `tf.raw_ops.SparseFillEmptyRows`. This is because of missing validation(https://github.com/tensorflow/tensorflow/blob/fdc82089d206e281c628a93771336bf87863d5e8/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L230-L231) that was covered under a `TODO`. If the `dense_shape` tensor is empty, then `dense_shape_t.vec<>()` would cause a null pointer dereference in the implementation of the op. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tensorflow | — | — |
| tensorflow | < 2.1.4 | 2.1.4 | |
| tensorflow | >= 2.2.0 < 2.2.3 | 2.2.3 | |
| tensorflow | >= 2.3.0 < 2.3.3 | 2.3.3 | |
| tensorflow | >= 2.4.0 < 2.4.2 | 2.4.2 | |
| intel | optimization_for_tensorflow | >= 0 < 2.1.4 | 2.1.4 |
| intel | optimization_for_tensorflow | >= 0 < faa76f39014ed3b5e2c158593b1335522e573c7f | faa76f39014ed3b5e2c158593b1335522e573c7f |
| intel | optimization_for_tensorflow | >= 2.2.0 < 2.2.3 | 2.2.3 |
| intel | optimization_for_tensorflow | >= 2.3.0 < 2.3.3 | 2.3.3 |
| intel | optimization_for_tensorflow | >= 2.4.0 < 2.4.2 | 2.4.2 |
| tensorflow | tensorflow | < 2.1.4 | 2.1.4 |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
GHSA
Null pointer dereference in `SparseFillEmptyRows`
ghsa·2021-05-21
CVE-2021-29565 [LOW] CWE-476 Null pointer dereference in `SparseFillEmptyRows`
Null pointer dereference in `SparseFillEmptyRows`
### Impact
An attacker can trigger a null pointer dereference in the implementation of `tf.raw_ops.SparseFillEmptyRows`:
```python
import tensorflow as tf
indices = tf.constant([], shape=[0, 0], dtype=tf.int64)
values = tf.constant([], shape=[0], dtype=tf.int64)
dense_shape = tf.constant([], shape=[0], dtype=tf.int64)
default_value = 0
tf.raw_ops.SparseFillEmptyRows(
indices=indices, values=values, dense_shape=dense_shape,
default_value=default_value)
```
This is because of missing [validation](https://github.com/tensorflow/tensorflow/blob/fdc82089d206e281c628a93771336bf87863d5e8/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L230-L231) that was covered under a `TODO`. If the `dense_shape` tensor is empty, then `dense_shape_t.vec
OSV
Null pointer dereference in `SparseFillEmptyRows`
osv·2021-05-21
CVE-2021-29565 [LOW] Null pointer dereference in `SparseFillEmptyRows`
Null pointer dereference in `SparseFillEmptyRows`
### Impact
An attacker can trigger a null pointer dereference in the implementation of `tf.raw_ops.SparseFillEmptyRows`:
```python
import tensorflow as tf
indices = tf.constant([], shape=[0, 0], dtype=tf.int64)
values = tf.constant([], shape=[0], dtype=tf.int64)
dense_shape = tf.constant([], shape=[0], dtype=tf.int64)
default_value = 0
tf.raw_ops.SparseFillEmptyRows(
indices=indices, values=values, dense_shape=dense_shape,
default_value=default_value)
```
This is because of missing [validation](https://github.com/tensorflow/tensorflow/blob/fdc82089d206e281c628a93771336bf87863d5e8/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L230-L231) that was covered under a `TODO`. If the `dense_shape` tensor is empty, then `dense_shape_t.vec
OSV
CVE-2021-29565: TensorFlow is an end-to-end open source platform for machine learning
osv·2021-05-14
CVE-2021-29565 CVE-2021-29565: TensorFlow is an end-to-end open source platform for machine learning
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of `tf.raw_ops.SparseFillEmptyRows`. This is because of missing validation(https://github.com/tensorflow/tensorflow/blob/fdc82089d206e281c628a93771336bf87863d5e8/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L230-L231) that was covered under a `TODO`. If the `dense_shape` tensor is empty, then `dense_shape_t.vec<>()` would cause a null pointer dereference in the implementation of the op. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Debian
CVE-2021-29565: tensorflow - TensorFlow is an end-to-end open source platform for machine learning. An attack...
vendor_debian·2021·CVSS 2.5
CVE-2021-29565 [LOW] CVE-2021-29565: tensorflow - TensorFlow is an end-to-end open source platform for machine learning. An attack...
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of `tf.raw_ops.SparseFillEmptyRows`. This is because of missing validation(https://github.com/tensorflow/tensorflow/blob/fdc82089d206e281c628a93771336bf87863d5e8/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L230-L231) that was covered under a `TODO`. If the `dense_shape` tensor is empty, then `dense_shape_t.vec<>()` would cause a null pointer dereference in the implementation of the op. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Scope: local
forky: resolved
sid: resolve
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/tensorflow/tensorflow/commit/faa76f39014ed3b5e2c158593b1335522e573c7fhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6pg-pjwc-j585https://github.com/tensorflow/tensorflow/commit/faa76f39014ed3b5e2c158593b1335522e573c7fhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6pg-pjwc-j585
2021-05-14
Published