CVE-2021-41222 : Vulnerability Insights and Analysis
Learn about CVE-2021-41222 impacting TensorFlow versions >= 2.4.4 and < 2.6.1. This vulnerability allows attackers to trigger a segfault in the `SplitV` function due to incorrect handling of negative arguments.
TensorFlow is an open-source machine learning platform. The vulnerability in affected versions triggers a segfault in the
SplitVUnderstanding CVE-2021-41222
TensorFlow versions >= 2.4.4 and < 2.6.1 are impacted by a vulnerability that allows attackers to cause a segfault by providing negative arguments to the
SplitVWhat is CVE-2021-41222?
The flaw arises when
size_splitsThe Impact of CVE-2021-41222
- Base Score: 5.5 (Medium)
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- Availability Impact: High
- Confidentiality Impact: None
- Integrity Impact: None
- User Interaction: None
- Scope: Unchanged
Technical Details of CVE-2021-41222
The following technical details describe the vulnerability in TensorFlow:
Vulnerability Description
The flaw occurs in the
SplitVAffected Systems and Versions
- TensorFlow version >= 2.6.0, < 2.6.1
- TensorFlow version >= 2.5.0, < 2.5.2
- TensorFlow version < 2.4.4
Exploitation Mechanism
Attackers can exploit this vulnerability by supplying negative arguments to the
SplitVMitigation and Prevention
To address CVE-2021-41222, consider the following steps:
Immediate Steps to Take
- Update TensorFlow to version 2.7.0 when available.
- Apply provided patches for TensorFlow versions 2.6.1, 2.5.2, and 2.4.4.
Long-Term Security Practices
- Regularly update TensorFlow to the latest versions to mitigate known vulnerabilities.
Patching and Updates
- Keep TensorFlow installations up to date with the latest security patches and bug fixes.