A new vulnerability in Google TensorFlow could allow denial of service by attackers

Google TensorFlow is a compilation of end-to-end open source platform for machine learning from Google Inc. Google TensorFlow has an error flaw for input validation.

The weakness arises from the fact that the LSTM GRU layer receives a zero-length input while using the CUDA backend, allowing the search to fail. To cause a denial of service, attackers use this vulnerability. It is influenced by the following items and versions: 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, 2.4.0.

Solution:

Update to TensorFlow 2.4.0 or higher

References: