| Vulnerability Name: | CVE-2021-37643 (CCN-207348) | ||||||||||||
| Assigned: | 2021-08-11 | ||||||||||||
| Published: | 2021-08-11 | ||||||||||||
| Updated: | 2021-08-18 | ||||||||||||
| Summary: | TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first checking that the tensor has values to read from. We have patched the issue in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | ||||||||||||
| CVSS v3 Severity: | 7.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) 6.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-476 | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2021-37643 Source: XF Type: UNKNOWN tensorflow-cve202137643-dos(207348) Source: MISC Type: Patch, Third Party Advisory https://github.com/tensorflow/tensorflow/commit/482da92095c4d48f8784b1f00dda4f81c28d2988 Source: CCN Type: TensorFlow GIT Repository Null pointer dereference in MatrixDiagPartOp Source: CONFIRM Type: Third Party Advisory https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fcwc-p4fc-c5cc Source: CCN Type: IBM Security Bulletin 6523816 (Watson Discovery) IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||