cvelist/2021/41xxx/CVE-2021-41225.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-41225",
        "STATE": "PUBLIC",
        "TITLE": "A use of uninitialized value vulnerability in Tensorflow"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "tensorflow",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": ">= 2.6.0, < 2.6.1"
                                        },
                                        {
                                            "version_value": ">= 2.5.0, < 2.5.2"
                                        },
                                        {
                                            "version_value": "< 2.4.4"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "tensorflow"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left unitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-908: Use of Uninitialized Resource"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw",
                "refsource": "CONFIRM",
                "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw"
            },
            {
                "name": "https://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3",
                "refsource": "MISC",
                "url": "https://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3"
            }
        ]
    },
    "source": {
        "advisory": "GHSA-7r94-xv9v-63jw",
        "discovery": "UNKNOWN"
    }
}
"-Synchronized-Data." 2021-09-15 19:00:53 +00:00			`{`
			`"CVE_data_meta": {`
Revert "November 2021 Patch Tuesday" This reverts commit df296d9e014bf68ef22c0583c98da3fbe42ea316. 2021-11-17 15:47:33 -05:00			`"ASSIGNER": "security-advisories@github.com",`
"-Synchronized-Data." 2021-09-15 19:00:53 +00:00			`"ID": "CVE-2021-41225",`
Revert "November 2021 Patch Tuesday" This reverts commit df296d9e014bf68ef22c0583c98da3fbe42ea316. 2021-11-17 15:47:33 -05:00			`"STATE": "PUBLIC",`
			`"TITLE": "A use of uninitialized value vulnerability in Tensorflow"`
"-Synchronized-Data." 2021-09-15 19:00:53 +00:00			`},`
Revert "November 2021 Patch Tuesday" This reverts commit df296d9e014bf68ef22c0583c98da3fbe42ea316. 2021-11-17 15:47:33 -05:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "tensorflow",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": ">= 2.6.0, < 2.6.1"`
			`},`
			`{`
			`"version_value": ">= 2.5.0, < 2.5.2"`
			`},`
			`{`
			`"version_value": "< 2.4.4"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "tensorflow"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2021-09-15 19:00:53 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
Revert "November 2021 Patch Tuesday" This reverts commit df296d9e014bf68ef22c0583c98da3fbe42ea316. 2021-11-17 15:47:33 -05:00			"value": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left unitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
			`}`
			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "LOCAL",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 5.5,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-908: Use of Uninitialized Resource"`
			`}`
			`]`
"-Synchronized-Data." 2021-09-15 19:00:53 +00:00			`}`
			`]`
Revert "November 2021 Patch Tuesday" This reverts commit df296d9e014bf68ef22c0583c98da3fbe42ea316. 2021-11-17 15:47:33 -05:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw",`
			`"refsource": "CONFIRM",`
			`"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw"`
			`},`
			`{`
			`"name": "https://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3",`
			`"refsource": "MISC",`
			`"url": "https://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3"`
			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "GHSA-7r94-xv9v-63jw",`
			`"discovery": "UNKNOWN"`
"-Synchronized-Data." 2021-09-15 19:00:53 +00:00			`}`
			`}`