Lucene search
GoogleOSV:PYSEC-2021-405HistoryNov 05, 2021 - 11:15 p.m.
PYSEC-2021-405
2021-11-0523:15:00
Google
osv.dev
11
tensorflow
deadlock
tf.function api
python functions
deadlock vulnerability
denial of service
fix
tensorflow 2.7.0
cherrypick
commit
supported range
EPSS
0.001
Percentile
23.6%
TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive tf.function, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
Related
github
github
Deadlock in mutually recursive `tf.function` objects
2021-11-10 18:59:32
veracode
veracode
Denial Of Service (DoS)
2021-11-10 03:05:25
osv
osv
CVE-2021-41213
2021-11-05 23:15:08
Deadlock in mutually recursive `tf.function` objects
2021-11-10 18:59:32
PYSEC-2021-820
2021-11-05 23:15:00
cvelist
cvelist
CVE-2021-41213 Deadlock in mutually recursive `tf.function` objects
2021-11-05 22:10:11
nvd
nvd
CVE-2021-41213
2021-11-05 23:15:08
prion
prion
Stack overflow
2021-11-05 23:15:00
cnvd
cnvd
Google TensorFlow resource management error vulnerability
2021-11-09 00:00:00
cve
cve
CVE-2021-41213
2021-11-05 23:15:08
