CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-41225 – A use of uninitialized value vulnerability in Tensorflow
https://notcve.org/view.php?id=CVE-2021-41225
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left unitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-41222 – Segfault due to negative splits in `SplitV`
https://notcve.org/view.php?id=CVE-2021-41222
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault is an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cpf4-wx82-gxp6 • CWE-682: Incorrect Calculation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-41228 – Code injection in `saved_model_cli`
https://notcve.org/view.php?id=CVE-2021-41228
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. • https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-41220 – Use after free in `CollectiveReduceV2`
https://notcve.org/view.php?id=CVE-2021-41220
TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been `std::move()`d from are still accessed. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected. • https://github.com/tensorflow/tensorflow/commit/ca38dab9d3ee66c5de06f11af9a4b1200da5ef75 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gpfh-jvf9-7wg5 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-41221 – Access to invalid memory during shape inference in `Cudnn*` ops
https://notcve.org/view.php?id=CVE-2021-41221
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` and `input_c` parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •