[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CVE-2021-29612 log

Source
Severity Low
Remote No
Type Arbitrary code execution
Description
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a heap buffer overflow in Eigen implementation of `tf.raw_ops.BandedTriangularSolve`. The implementation(https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc#L269-L278) calls `ValidateInputTensors` for input validation but fails to validate that the two tensors are not empty. Furthermore, since `OP_REQUIRES` macro only stops execution of current function after setting `ctx->status()` to a non-OK value, callers of helper functions that use `OP_REQUIRES` must check value of `ctx->status()` before continuing. This doesn't happen in this op's implementation(https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc#L219), hence the validation that is present is also not effective.
Group Package Affected Fixed Severity Status Ticket
AVG-1962 tensorflow 2.4.1-10 2.5.0-1 Critical Fixed
References
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2xgj-xhgf-ggjv
https://github.com/tensorflow/tensorflow/commit/ba6822bd7b7324ba201a28b2f278c29a98edbef2
https://github.com/tensorflow/tensorflow/commit/0ab290774f91a23bebe30a358fde4e53ab4876a0