| Severity |
|
| Remote |
|
| Type |
| + |
Insufficient validation |
|
| Description |
| + |
In TensorFlow before version 2.6.0 due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation does not validate the dimensions of the input tensor. A similar issue occurs in MklRequantizePerChannelOp. The implementation does not perform full validation for all the input arguments and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9. |
|
| References |
| + |
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp |
| + |
https://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69 |
| + |
https://github.com/tensorflow/tensorflow/commit/203214568f5bc237603dbab6e1fd389f1572f5c9 |
|
| Notes |
|