VDB
CVE-2021-41227
CVE-2021-41227
PUBLISHED
TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the `tstring` TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
EPSS 0.08% · 24.2th percentile
Risk Scores
EPSS Score
0.08%
24.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | tensorflow | 2.4.0, 2.5.0, 2.6.0 |
| Bitnami | tensorflow | 2.4.0, 2.5.0, 2.6.0 |
Exploit Intelligence
Timeline
- Nov 5, 2021 CVE Published
- Nov 6, 2021 EPSS Score
- Jan 1, 2022 EPSS Score
- Jan 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 22, 2022 EPSS Score
- Jun 17, 2022 EPSS Score
- Aug 12, 2022 EPSS Score
- Oct 7, 2022 EPSS Score
- Dec 2, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 23, 2023 EPSS Score
References
- https://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b url
- https://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585 url
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-41227 url