Safety vulnerability ID: 56862
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37665:
In affected versions, due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the "input" tensor. A similar issue occurs in "MklRequantizePerChannelOp". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. The Tensorflow team has patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp
https://github.com/tensorflow/tensorflow/commit/203214568f5bc237603dbab6e1fd389f1572f5c9
https://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69
Latest version: 2.14.0
TensorFlow is an open source machine learning framework for everyone.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application