Lucene search
GoogleOSV:PYSEC-2021-820HistoryNov 05, 2021 - 11:15 p.m.
PYSEC-2021-820
2021-11-0523:15:00
Google
osv.dev
12
vulnerability
tensorflow
tf.function api
deadlock
denial of service
recursive functions
fix
tensorflow 2.7.0
tensorflow 2.6.1
tensorflow 2.5.2
tensorflow 2.4.4
EPSS
0.001
Percentile
23.6%
TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive tf.function, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
Related
github
github
Deadlock in mutually recursive `tf.function` objects
2021-11-10 18:59:32
veracode
veracode
Denial Of Service (DoS)
2021-11-10 03:05:25
osv
osv
CVE-2021-41213
2021-11-05 23:15:08
Deadlock in mutually recursive `tf.function` objects
2021-11-10 18:59:32
BIT-tensorflow-2021-41213
2024-03-06 11:16:14
cvelist
cvelist
CVE-2021-41213 Deadlock in mutually recursive `tf.function` objects
2021-11-05 22:10:11
nvd
nvd
CVE-2021-41213
2021-11-05 23:15:08
prion
prion
Stack overflow
2021-11-05 23:15:00
cnvd
cnvd
Google TensorFlow resource management error vulnerability
2021-11-09 00:00:00
cve
cve
CVE-2021-41213
2021-11-05 23:15:08
