TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
References
Link | Resource |
---|---|
https://github.com/tensorflow/tensorflow/commit/12b1ff82b3f26ff8de17e58703231d5a02ef1b8b | Patch Third Party Advisory |
https://github.com/tensorflow/tensorflow/issues/51936 | Exploit Third Party Advisory |
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-11-05T19:55:13
Updated: 2021-11-05T19:55:13
Reserved: 2021-09-15T00:00:00
Link: CVE-2021-41196
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-05T20:15:07.780
Modified: 2021-11-09T13:56:01.853
Link: CVE-2021-41196
JSON object: View
Redhat Information
No data.
CWE