CVE Vulnerabilities

CVE-2021-37681

NULL Pointer Dereference

Published: Aug 12, 2021 | Modified: Aug 18, 2021
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a null pointer but GetTensorData assumes that the argument is always a valid tensor. Furthermore, because GetVariableInput calls GetMutableInput which might return nullptr, the tensor->is_variable expression can also trigger a null pointer exception. We have patched the issue in GitHub commit 5b048e87e4e55990dae6b547add4dae59f4e1c76. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Tensorflow Google 2.3.0 (including) 2.3.4 (excluding)
Tensorflow Google 2.4.0 (including) 2.4.3 (excluding)
Tensorflow Google 2.5.0 (including) 2.5.0 (including)
Tensorflow Google 2.6.0-rc0 (including) 2.6.0-rc0 (including)
Tensorflow Google 2.6.0-rc1 (including) 2.6.0-rc1 (including)
Tensorflow Google 2.6.0-rc2 (including) 2.6.0-rc2 (including)

Potential Mitigations

References