How severe is CVE-2021-29611?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-29611?

This is classified as CWE-665, which is a common weakness in software security.

CVE-2021-29611 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure. The implementation(https://github.com/tensorflow/tensorflow/blob/e87b51ce05c3eb172065a6ea5f48415854223285/tensorflow/core/kernels/sparse_reshape_op.cc#L40) has no validation that the input arguments specify a valid sparse tensor. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3, as these are the only affected versions.

Related Vulnerabilities

CVE-2010-4343

MEDIUM

CVSS:5.5(Medium)

drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operation...

CWE-6652010

CVE-2010-4655

MEDIUM

CVSS:5.5(Medium)

net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by levera...

CWE-6652010

CVE-2014-8181

MEDIUM

CVSS:5.5(Medium)

The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.

CWE-6652014

CVE-2017-0641

MEDIUM

CVSS:5.5(Medium)

A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to...

CWE-6652017

CVE-2017-0735

MEDIUM

CVSS:5.5(Medium)

A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38239864.

CWE-6652017

CVE-2017-13649

MEDIUM

CVSS:5.5(Medium)

UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root accoun...

CWE-6652017