CVE-2021-41211: Out-of-bounds Read in Intel Optimization for TensorFlow

CWE-125: Out-of-bounds Read (6 documents, 5 sources)

Severity: 7.1 HIGH (NVD)
EPSS: 0.0% (top 94.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 5; Latest update Nov 10

Description

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whenever `axis` is a negative value less than `-1`. In this case, we are accessing data before the start of a heap buffer. The code allows `axis` to be an optional argument (`s` would contain an `error::NOT_FOUND` error code). Otherwise, it assumes that `axis` is a valid index into the dimensions of th

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (3 packages)

PyPI: intel/optimization_for_tensorflow (affected 2.6.0; fixed 2.6.1) +2
CVEListV5: tensorflow/tensorflow >= 2.6.0, < 2.6.1

Patches

Vulnerability Details (4)

GHSA: Heap OOB in shape inference for `QuantizeV2` (2021-11-10)
OSV: Heap OOB in shape inference for `QuantizeV2` (2021-11-10)
CVEList: Heap OOB read in shape inference for `QuantizeV2` (2021-11-05)
OSV: CVE-2021-41211: TensorFlow is an open source platform for machine learning (2021-11-05)

Vendor Advisories (1)

Debian: CVE-2021-41211: tensorflow - TensorFlow is an open source platform for machine learning. In affected versions... (2021)