← Back

CVE-2021-41225

nvd nist
Published: Nov 5, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left unitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

Affected (5)

Products: Google: Tensorflow
Google
1 product
Tensorflow
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Google
Tensorflow
From 2.4.0 to 2.4.4
Tensorflow
From 2.5.0 to 2.5.2
Tensorflow
From 2.6.0 to 2.6.1
Tensorflow
Version 2.7.0 rc0
Tensorflow
Version 2.7.0 rc1

Related CWEs

CWE-908
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.

References (4)

Source: security-advisories@github.com
PatchThird Party Advisory
Source: security-advisories@github.com
ExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchThird Party Advisory

Timeline

No history available yet.