Published: 14/05/2021 Updated: 27/07/2021

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tf.resource` or `tf.variant` results in a segfault in the implementation as code assumes that the tensor contents are pure scalars. We have patched the issue in 4f663d4b8f0bec1b48da6fa091a7d29609980fa4 and will release TensorFlow 2.5.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. If using `tf.raw_ops.ImmutableConst` in code, you can prevent the segfault by inserting a filter for the `dtype` argument.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google tensorflow

A security issue has been found in TensorFlow before version 242 Calling `tfraw_opsImmutableConst`(wwwtensorfloworg/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tfresource` or `tfvariant` results in a segfault in the implementation as code assumes that the tensor contents are pure scalars We have patched the issue ...

CWE-681 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g4h2-gqm3-c9wq https://github.com/tensorflow/tensorflow/commit/4f663d4b8f0bec1b48da6fa091a7d29609980fa4 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-29539

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-29539

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect