Safety vulnerability ID: 42467
The information on this page was manually curated by our Cybersecurity Intelligence Team.
TensorFlow version 2.6.1 includes a fix for CVE-2021-41220: In affected versions, the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been `std::move()`d from are still accessed. The fix is included in TensorFlow 2.7.0.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gpfh-jvf9-7wg5
https://github.com/tensorflow/tensorflow/commit/ca38dab9d3ee66c5de06f11af9a4b1200da5ef75
Latest version: 2.18.0
TensorFlow is an open source machine learning framework for everyone.
TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been `std::move()`d from are still accessed. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected. See CVE-2021-41220.
CONFIRM: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gpfh-jvf9-7wg5
MISC: https://github.com/tensorflow/tensorflow/commit/ca38dab9d3ee66c5de06f11af9a4b1200da5ef75
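The bug class described above, reading a handle after it has been `std::move()`d into deferred work, shown next to a pattern where the closure holds its own reference. This is an added illustration, not TensorFlow code and not the actual patch; `OpState`, `Task` and the function names are hypothetical, and a plain task queue stands in for the asynchronous executor.

```cpp
#include <functional>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for per-op state; not a TensorFlow type.
struct OpState {
  std::string key;
};

// Deferred tasks standing in for an asynchronous executor.
using Task = std::function<std::string()>;

// Buggy pattern: the handle is moved into the async closure, then read again.
// Returns true if the caller's handle is still usable after scheduling.
bool schedule_moved(std::vector<Task>& queue) {
  auto state = std::make_shared<OpState>(OpState{"group-1"});
  queue.push_back([s = std::move(state)] { return s->key; });
  // 'state' is now empty; dereferencing it here would be undefined behaviour.
  return state != nullptr;
}

// Safer pattern: the closure gets its own reference, so the caller and the
// task each keep the object alive for as long as they need it.
bool schedule_shared(std::vector<Task>& queue) {
  auto state = std::make_shared<OpState>(OpState{"group-1"});
  queue.push_back([s = state] { return s->key; });
  return state != nullptr && state->key == "group-1";
}

// Runs every queued task later, as an executor thread would.
std::string run_all(std::vector<Task>& queue) {
  std::string out;
  for (auto& t : queue) out += t();
  queue.clear();
  return out;
}

int main() {
  std::vector<Task> q;
  bool moved_ok = schedule_moved(q);
  bool shared_ok = schedule_shared(q);
  return (!moved_ok && shared_ok && run_all(q) == "group-1group-1") ? 0 : 1;
}
```

Static analysis such as clang-tidy's `bugprone-use-after-move` check flags reads of a moved-from variable like the one guarded in `schedule_moved`.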