Описание
TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::move()d from are still accessed. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected.
Ссылки
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.6.0 (включая) до 2.6.1 (исключая)
Одно из
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*
cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*
EPSS
Процентиль: 5%
0.00021
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-416
Связанные уязвимости
CVSS3: 7.8
debian
больше 4 лет назад
TensorFlow is an open source platform for machine learning. In affecte ...
CVSS3: 7.8
github
около 4 лет назад
Use after free / memory leak in `CollectiveReduceV2`
EPSS
Процентиль: 5%
0.00021
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-416