Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Null pointer dereference in `MatrixDiagPartOp` in TensorFlow
Vulnerability Description
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first checking that the tensor has values to read from. We have patched the issue in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
空指针解引用
Vulnerability Title
Google TensorFlow代码问题漏洞
Vulnerability Description
Google TensorFlow是美国谷歌(Google)公司的一套用于机器学习的端到端开源平台。 TensorFlow 2.6.0 之前版本、2.5.1之前版本、2.4.3之前版本和2.3.4之前版本存在代码问题漏洞,该漏洞源于如果用户没有为“tf.raw_ops.MatrixDiagPartOp”提供有效的填充值,则代码会触发空指针取消引用(如果输入为空)或产生无效行为,忽略第一个值之后的所有值
CVSS Information
N/A
Vulnerability Type
N/A