Lucene search
GoogleOSV:PYSEC-2021-622HistoryNov 05, 2021 - 11:15 p.m.
PYSEC-2021-622
2021-11-0523:15:00
Google
osv.dev
21
tensorflow
machine learning
deadlock
`tf.function`
python
vulnerability
denial of service
reentrant lock
tensorflow 2.7.0
cherrypick
commit
tensorflow 2.6.1
tensorflow 2.5.2
tensorflow 2.4.4
EPSS
0.001
Percentile
23.6%
TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive tf.function, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
Related
github
github
Deadlock in mutually recursive `tf.function` objects
2021-11-10 18:59:32
veracode
veracode
Denial Of Service (DoS)
2021-11-10 03:05:25
cvelist
cvelist
CVE-2021-41213 Deadlock in mutually recursive `tf.function` objects
2021-11-05 22:10:11
osv
osv
BIT-tensorflow-2021-41213
2024-03-06 11:16:14
PYSEC-2021-405
2021-11-05 23:15:00
CVE-2021-41213
2021-11-05 23:15:08
nvd
nvd
CVE-2021-41213
2021-11-05 23:15:08
prion
prion
Stack overflow
2021-11-05 23:15:00
cnvd
cnvd
Google TensorFlow resource management error vulnerability
2021-11-09 00:00:00
cve
cve
CVE-2021-41213
2021-11-05 23:15:08
