Vulnerability Details : CVE-2021-41218
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
Products affected by CVE-2021-41218
- cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-41218
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-41218
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
GitHub, Inc. |
CWE ids for CVE-2021-41218
-
The product divides a value by zero.Assigned by: security-advisories@github.com (Primary)
References for CVE-2021-41218
-
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273
Integer division by 0 in `tf.raw_ops.AllToAll` · Advisory · tensorflow/tensorflow · GitHubThird Party Advisory
-
https://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc
Update TPU AllToAll op to avoid divide by 0. · tensorflow/tensorflow@a8ad3e5 · GitHubPatch;Third Party Advisory
Jump to