CVE-2021-29518

LOW

TensorFlow < 2.1.4 - NULL Pointer Dereference in Session Operations

Title source: llm

Description

TensorFlow is an end-to-end open source platform for machine learning. In eager mode (default in TF 2.0 and later), session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The implementation(https://github.com/tensorflow/tensorflow/blob/eebb96c2830d48597d055d247c0e9aebaea94cd5/tensorflow/core/kernels/session_ops.cc#L104) dereferences the session state pointer without checking if it is valid. Thus, in eager mode, `ctx->session_state()` is nullptr and the call of the member function is undefined behavior. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

References (2)

Core 2

Core References

Exploit, Patch, Third Party Advisory x_refsource_confirm

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-62gx-355r-9fhg

Patch, Third Party Advisory x_refsource_misc

https://github.com/tensorflow/tensorflow/commit/ff70c47a396ef1e3cb73c90513da4f5cb71bebba

Scores

CVSS v3 2.5

EPSS 0.0020

EPSS Percentile 10.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-476

Status published

Products (4)

google/tensorflow < 2.1.4

pypi/tensorflow 0 - 2.1.4PyPI

pypi/tensorflow-cpu 0 - 2.1.4PyPI

pypi/tensorflow-gpu 0 - 2.1.4PyPI

Published May 14, 2021

Tracked Since Feb 18, 2026