QID 981459
QID 981459: Python (pip) Security Update for tensorflow-gpu (GHSA-xwhf-g6j5-j5gc)
Security update has been released for tensorflow-gpu,tensorflow,tensorflow-cpu to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
When the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault.
Solution
We have patched the issue in c0319231333f0f16e1cc75ec83660b01fedd4182 and will release TensorFlow 2.4.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.
Vendor References
- GHSA-xwhf-g6j5-j5gc -
github.com/advisories/GHSA-xwhf-g6j5-j5gc
CVEs related to QID 981459
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-xwhf-g6j5-j5gc | tensorflow |
|
|
| GHSA-xwhf-g6j5-j5gc | tensorflow-cpu |
|
|
| GHSA-xwhf-g6j5-j5gc | tensorflow-gpu |
|