Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-41218

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

Published

2021-11-05T22:15:08.667

Last Modified

2024-11-21T06:25:48.363

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-369

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	google	tensorflow	< 2.4.4	Yes
Application	google	tensorflow	< 2.5.2	Yes
Application	google	tensorflow	< 2.6.1	Yes
Application	google	tensorflow	2.7.0	Yes
Application	google	tensorflow	2.7.0	Yes

References

https://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc Patch, Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273 Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)