
CVE-2021-41215: Null pointer exception in `DeserializeSparse`

CVSS Score: 5.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.0271%
Published: 11/10/2021
Updated: 11/7/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tensorflow | pip | >= 2.6.0, < 2.6.1 | 2.6.1 |
| tensorflow | pip | >= 2.5.0, < 2.5.2 | 2.5.2 |
| tensorflow | pip | < 2.4.4 | 2.4.4 |
| tensorflow-cpu | pip | >= 2.6.0, < 2.6.1 | 2.6.1 |
| tensorflow-cpu | pip | >= 2.5.0, < 2.5.2 | 2.5.2 |
| tensorflow-cpu | pip | < 2.4.4 | 2.4.4 |
| tensorflow-gpu | pip | >= 2.6.0, < 2.6.1 | 2.6.1 |
| tensorflow-gpu | pip | >= 2.5.0, < 2.5.2 | 2.5.2 |
| tensorflow-gpu | pip | < 2.4.4 | 2.4.4 |

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from the shape inference logic in `DeserializeSparse`'s op registration:

  1. The original (pre-patch) code only checked that the last dimension was 3, via `c->WithValue(c->Dim(c->input(0), -1), 3)`.
  2. This fails for rank-0 inputs (scalars): accessing dimension -1 of a scalar is invalid and leads to the null pointer dereference.
  3. The patch adds `c->WithRankAtLeast(c->input(0), 1)` before that check to enforce a minimum rank of 1.
  4. The CVE description explicitly references this shape inference code path.
  5. The file path and function location match the vulnerability's technical details.

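The rank check described above, as an added example that is not TensorFlow's code: a minimal stand-in for the shape-inference control flow (`Shape`, `dimAt`, `Result`, `inferPrePatch` and `inferPatched` are assumed names, not TensorFlow APIs) showing why `Dim(-1)` on a scalar yields a null handle before the patch and an ordinary rank error after it.

```cpp
// Minimal model of the DeserializeSparse shape-inference check (added example,
// not TensorFlow's code). Shape/dimAt/Result stand in for TensorFlow's
// ShapeHandle, c->Dim and the Status returned by c->WithValue /
// c->WithRankAtLeast; only the control flow of the check is modelled.
#include <cstdint>
#include <cstdio>
#include <vector>

// A fully known shape: rank == dims.size(); a scalar has rank 0.
struct Shape {
    std::vector<int64_t> dims;
};

enum class Result { Ok, WrongLastDim, RankTooLow, NullHandle };

// Dimension lookup with negative indices counting from the end. For a
// rank-0 shape, idx == -1 is out of range and the handle comes back null.
const int64_t* dimAt(const Shape& s, int64_t idx) {
    const int64_t rank = static_cast<int64_t>(s.dims.size());
    if (idx < 0) idx += rank;
    if (idx < 0 || idx >= rank) return nullptr;
    return &s.dims[static_cast<size_t>(idx)];
}

// Pre-patch logic: only "last dimension == 3" is checked. On a scalar the
// handle is null; the real op dereferenced it (the crash). The model reports
// NullHandle at exactly that point instead of dereferencing.
Result inferPrePatch(const Shape& serializedSparse) {
    const int64_t* last = dimAt(serializedSparse, -1);
    if (last == nullptr) return Result::NullHandle;
    return (*last == 3) ? Result::Ok : Result::WrongLastDim;
}

// Patched logic: the rank >= 1 check runs first, so a scalar is rejected with
// an ordinary shape error and dimAt(-1) is never reached with a null handle.
Result inferPatched(const Shape& serializedSparse) {
    if (serializedSparse.dims.empty()) return Result::RankTooLow;
    return inferPrePatch(serializedSparse);
}

int main() {
    const Shape scalar{};        // rank 0: the input class behind the CVE
    const Shape matrix{{4, 3}};  // rank 2, last dim 3: a valid input
    std::printf("scalar: pre-patch=%d patched=%d\n",
                static_cast<int>(inferPrePatch(scalar)),
                static_cast<int>(inferPatched(scalar)));
    std::printf("[4,3]:  patched=%d\n", static_cast<int>(inferPatched(matrix)));
    return 0;
}
```
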
WAF Protection Rules

WAF Rule

### Impact

The [shape inference code for `DeserializeSparse`](https://github.com/tensorflow/tensorflow/blob/****************************************/tensorflow/core/ops/sparse_ops.cc#L***-L***) can trigger a null pointer dereference:
