1. CVE-Search
  2. CVE-2021-41225
ID CVE-2021-41225
Summary TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left unitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
References
Vulnerable Configurations
  • cpe:2.3:a:google:tensorflow:2.4.0:-:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:-:*:*:-:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:-:*:*:-:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:rc0:*:*:-:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:rc0:*:*:-:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:rc0:*:*:lite:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:rc0:*:*:lite:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:rc1:*:*:-:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:rc1:*:*:-:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:rc1:*:*:lite:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:rc1:*:*:lite:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:rc2:*:*:-:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:rc2:*:*:-:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:rc2:*:*:lite:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:rc2:*:*:lite:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:rc3:*:*:-:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:rc3:*:*:-:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:rc3:*:*:lite:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:rc3:*:*:lite:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.0:rc4:*:*:-:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.0:rc4:*:*:-:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.5.0:-:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.5.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.5.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.5.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.5.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.5.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.5.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.5.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.5.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.6.0:-:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.6.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.6.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.6.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.6.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.6.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.6.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.6.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 10-11-2021 - 16:55)
Impact:
Exploitability:
CWE CWE-908
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
Last major update 10-11-2021 - 16:55
Published 05-11-2021 - 23:15
Last modified 10-11-2021 - 16:55
Back to Top