CVE-2021-41217 – Null pointer exception when `Exit` node is not preceded by `Enter` op
https://notcve.org/view.php?id=CVE-2021-41217
TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an `Enter` node) always exists when encountering the second node (e.g., an `Exit` node). When this is not the case, `parent` is `nullptr` so dereferencing it causes a crash. The fix will be included in TensorFlow 2.7.0. • https://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq • CWE-476: NULL Pointer Dereference •
CVE-2021-41219 – Undefined behavior via `nullptr` reference binding in sparse matrix multiplication
https://notcve.org/view.php?id=CVE-2021-41219
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. This occurs whenever the dimensions of `a` or `b` are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, we should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. • https://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x • CWE-125: Out-of-bounds Read CWE-824: Access of Uninitialized Pointer •
CVE-2021-41214 – Reference binding to `nullptr` in `tf.ragged.cross`
https://notcve.org/view.php?id=CVE-2021-41214
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. TensorFlow es una plataforma de código abierto para el aprendizaje automático. • https://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v • CWE-824: Access of Uninitialized Pointer •
CVE-2021-41204 – Segfault while copying constant resource tensor
https://notcve.org/view.php?id=CVE-2021-41204
TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x • CWE-824: Access of Uninitialized Pointer •
CVE-2021-41226 – Heap OOB read in `SparseBinCount`
https://notcve.org/view.php?id=CVE-2021-41226
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation between the elements of the `values` argument and the shape of the sparse output. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba https://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8 • CWE-125: Out-of-bounds Read •