CVE-2021-37657
Reference binding to nullptr in `MatrixDiagV*` ops in TensorFlow
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Reference binding to nullptr in `MatrixDiagV*` ops in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of `k` is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
Reserved 2021-07-29 | Published 2021-08-12 | Updated 2024-08-04 | Assigner GitHub_MCWE-824: Access of Uninitialized Pointer
github.com/...orflow/security/advisories/GHSA-5xwc-mrhx-5g3m
github.com/...ommit/f2a673bd34f0d64b8e40a551ac78989d16daad09
Support options
