GSD-2021-37671
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248) has a check in place to ensure that `indices` is in ascending order, but does not check that `indices` is not empty. We have patched the issue in GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-37671",
"description": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248) has a check in place to ensure that `indices` is in ascending order, but does not check that `indices` is not empty. We have patched the issue in GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.",
"id": "GSD-2021-37671",
"references": [
"https://www.suse.com/security/cve/CVE-2021-37671.html",
"https://security.archlinux.org/CVE-2021-37671"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-37671"
],
"details": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248) has a check in place to ensure that `indices` is in ascending order, but does not check that `indices` is not empty. We have patched the issue in GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.",
"id": "GSD-2021-37671",
"modified": "2023-12-13T01:23:10.208352Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-37671",
"STATE": "PUBLIC",
"TITLE": "Reference binding to nullptr in map operations in TensorFlow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tensorflow",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.5.0, \u003c 2.5.1"
},
{
"version_value": "\u003e= 2.4.0, \u003c 2.4.3"
},
{
"version_value": "\u003c 2.3.4"
}
]
}
}
]
},
"vendor_name": "tensorflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248) has a check in place to ensure that `indices` is in ascending order, but does not check that `indices` is not empty. We have patched the issue in GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824: Access of Uninitialized Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qr82-2c78-4m8h",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qr82-2c78-4m8h"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/532f5c5a547126c634fefd43bbad1dc6417678ac",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/532f5c5a547126c634fefd43bbad1dc6417678ac"
}
]
},
"source": {
"advisory": "GHSA-qr82-2c78-4m8h",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c2.3.4||\u003e=2.4.0,\u003c2.4.3||==2.5.0",
"affected_versions": "All versions before 2.3.4, all versions starting from 2.4.0 before 2.4.3, version 2.5.0",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-824",
"CWE-937"
],
"date": "2021-08-25",
"description": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The implementation has a check in place to ensure that `indices` is in ascending order, but does not check that `indices` is not empty. We have patched the issue in GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.",
"fixed_versions": [
"2.3.4",
"2.4.3",
"2.5.1"
],
"identifier": "CVE-2021-37671",
"identifiers": [
"GHSA-qr82-2c78-4m8h",
"CVE-2021-37671"
],
"not_impacted": "All versions starting from 2.3.4 before 2.4.0, all versions starting from 2.4.3 before 2.5.0, all versions after 2.5.0",
"package_slug": "pypi/tensorflow-cpu",
"pubdate": "2021-08-25",
"solution": "Upgrade to versions 2.3.4, 2.4.3, 2.5.1 or above.",
"title": "Access of Uninitialized Pointer",
"urls": [
"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qr82-2c78-4m8h",
"https://nvd.nist.gov/vuln/detail/CVE-2021-37671",
"https://github.com/tensorflow/tensorflow/commit/532f5c5a547126c634fefd43bbad1dc6417678ac",
"https://github.com/advisories/GHSA-qr82-2c78-4m8h"
],
"uuid": "097e995a-7201-428a-8493-19cba837836d"
},
{
"affected_range": "\u003c2.3.4||\u003e=2.4.0,\u003c2.4.3||==2.5.0",
"affected_versions": "All versions before 2.3.4, all versions starting from 2.4.0 before 2.4.3, version 2.5.0",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-824",
"CWE-937"
],
"date": "2021-08-25",
"description": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The implementation has a check in place to ensure that `indices` is in ascending order, but does not check that `indices` is not empty. We have patched the issue in GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.",
"fixed_versions": [
"2.3.4",
"2.4.3",
"2.5.1"
],
"identifier": "CVE-2021-37671",
"identifiers": [
"GHSA-qr82-2c78-4m8h",
"CVE-2021-37671"
],
"not_impacted": "All versions starting from 2.3.4 before 2.4.0, all versions starting from 2.4.3 before 2.5.0, all versions after 2.5.0",
"package_slug": "pypi/tensorflow-gpu",
"pubdate": "2021-08-25",
"solution": "Upgrade to versions 2.3.4, 2.4.3, 2.5.1 or above.",
"title": "Access of Uninitialized Pointer",
"urls": [
"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qr82-2c78-4m8h",
"https://nvd.nist.gov/vuln/detail/CVE-2021-37671",
"https://github.com/tensorflow/tensorflow/commit/532f5c5a547126c634fefd43bbad1dc6417678ac",
"https://github.com/advisories/GHSA-qr82-2c78-4m8h"
],
"uuid": "15377338-6dab-4509-ba94-125cfd7431a7"
},
{
"affected_range": "\u003e=2.3.0,\u003c2.3.4||\u003e=2.4.0,\u003c2.4.3||\u003e=2.5.0,\u003c=2.6.0",
"affected_versions": "All versions starting from 2.3.0 before 2.3.4, all versions starting from 2.4.0 before 2.4.3, all versions starting from 2.5.0 up to 2.6.0",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2021-08-18",
"description": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The implementation has a check in place to ensure that `indices` is in ascending order, but does not check that `indices` is not empty. ",
"fixed_versions": [
"2.3.4",
"2.4.3"
],
"identifier": "CVE-2021-37671",
"identifiers": [
"CVE-2021-37671",
"GHSA-qr82-2c78-4m8h"
],
"not_impacted": "All versions before 2.3.0, all versions starting from 2.3.4 before 2.4.0, all versions starting from 2.4.3 before 2.5.0, all versions after 2.6.0",
"package_slug": "pypi/tensorflow",
"pubdate": "2021-08-12",
"solution": "Upgrade to versions 2.3.4, 2.4.3 or above.",
"title": "Access of Uninitialized Pointer",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-37671"
],
"uuid": "2cf3de6c-af2b-475c-aadb-e8ef912b9a5f"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3.4",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.4.3",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:2.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:2.6.0:rc0:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:2.6.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:2.6.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-37671"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248) has a check in place to ensure that `indices` is in ascending order, but does not check that `indices` is not empty. We have patched the issue in GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/commit/532f5c5a547126c634fefd43bbad1dc6417678ac",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/532f5c5a547126c634fefd43bbad1dc6417678ac"
},
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qr82-2c78-4m8h",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qr82-2c78-4m8h"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-08-18T20:53Z",
"publishedDate": "2021-08-12T22:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…