5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.7%
tensorflow is vulnerable to denial of service. The vulnerability exists because the GetDeviceForInput
function of execute.cc
does not properly handle empty resources allowing an attacker to crash the application through the null pointer dereferences when using eager mode.
github.com/tensorflow/tensorflow/commit/295ffc918feb90daf51b91971e832c177c9fd43c
github.com/tensorflow/tensorflow/commit/33964e99580c8efceb4f83a0bba7fa253074a1cb
github.com/tensorflow/tensorflow/commit/4f7045ce41aa3b4702f01d6748deeff22dffee9b
github.com/tensorflow/tensorflow/commit/523bb76101fb2c2c4097164d810db08b19aa9e43
github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7
github.com/tensorflow/tensorflow/commit/dbdd98c37bc25249e8f288bd30d01e118a7b4498
github.com/tensorflow/tensorflow/pull/55890
github.com/tensorflow/tensorflow/pull/55891
github.com/tensorflow/tensorflow/pull/55892
github.com/tensorflow/tensorflow/pull/55893
github.com/tensorflow/tensorflow/releases/tag/v2.6.4
github.com/tensorflow/tensorflow/releases/tag/v2.7.2
github.com/tensorflow/tensorflow/releases/tag/v2.8.1
github.com/tensorflow/tensorflow/releases/tag/v2.9.0
github.com/tensorflow/tensorflow/releases/tag/v2.9.0-rc2
github.com/tensorflow/tensorflow/security/advisories/GHSA-5wpj-c6f7-24x8
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.7%