Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2021-37686: SUSE Linux Security Advisory

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

SUSE: CVE-2021-37686: SUSE Linux Security Advisory

Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:P)
Published
08/12/2021
Created
10/26/2022
Added
10/26/2022
Modified
10/26/2022

Description

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for [ellipsis in axis definition](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/strided_slice.cc#L103-L122). An attacker can craft a model such that `ellipsis_end_idx` is smaller than `i` (e.g., always negative). In this case, the inner loop does not increase `i` and the `continue` statement causes execution to skip over the preincrement at the end of the outer loop. We have patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695. TensorFlow 2.6.0 is the only affected version.

Solution(s)

  • suse-upgrade-bazel-skylib1-0-3-source
  • suse-upgrade-bazel3-7
  • suse-upgrade-libiomp5
  • suse-upgrade-libiomp5-gnu-hpc
  • suse-upgrade-libiomp5-gnu-openmpi2-hpc
  • suse-upgrade-libtensorflow2
  • suse-upgrade-libtensorflow2-gnu-hpc
  • suse-upgrade-libtensorflow2-gnu-openmpi2-hpc
  • suse-upgrade-libtensorflow_cc2
  • suse-upgrade-libtensorflow_cc2-gnu-hpc
  • suse-upgrade-libtensorflow_cc2-gnu-openmpi2-hpc
  • suse-upgrade-libtensorflow_framework2
  • suse-upgrade-libtensorflow_framework2-gnu-hpc
  • suse-upgrade-libtensorflow_framework2-gnu-openmpi2-hpc
  • suse-upgrade-tensorflow2
  • suse-upgrade-tensorflow2-devel
  • suse-upgrade-tensorflow2-doc
  • suse-upgrade-tensorflow2-gnu-hpc
  • suse-upgrade-tensorflow2-gnu-openmpi2-hpc
  • suse-upgrade-tensorflow2-lite
  • suse-upgrade-tensorflow2-lite-devel
  • suse-upgrade-tensorflow2_2_6_0-gnu-hpc
  • suse-upgrade-tensorflow2_2_6_0-gnu-hpc-devel
  • suse-upgrade-tensorflow2_2_6_0-gnu-hpc-doc
  • suse-upgrade-tensorflow2_2_6_0-gnu-openmpi2-hpc
  • suse-upgrade-tensorflow2_2_6_0-gnu-openmpi2-hpc-devel
  • suse-upgrade-tensorflow2_2_6_0-gnu-openmpi2-hpc-doc

References

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;