Upstream information
CVE-2021-37642 at MITRE
Description
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat the division by 0 case separately. We have patched the issue in GitHub commit 4aacb30888638da75023e6601149415b39763d76. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
SUSE Bugzilla entry:
1189423 [NEW]
SUSE Security Advisories:
List of released packages
Product(s) | Fixed package version(s) | References |
SUSE Package Hub 15 SP3 | bazel-skylib1.0.3-source >= 1.0.3-bp153.2.1
bazel3.7 >= 3.7.2-bp153.4.1
libiomp5 >= 2.6.0-bp153.2.3.1
libiomp5-gnu-hpc >= 2.6.0-bp153.2.3.1
libiomp5-gnu-openmpi2-hpc >= 2.6.0-bp153.2.3.1
libtensorflow2 >= 2.6.0-bp153.2.3.1
libtensorflow2-gnu-hpc >= 2.6.0-bp153.2.3.1
libtensorflow2-gnu-openmpi2-hpc >= 2.6.0-bp153.2.3.1
libtensorflow_cc2 >= 2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-hpc >= 2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-openmpi2-hpc >= 2.6.0-bp153.2.3.1
libtensorflow_framework2 >= 2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-hpc >= 2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-openmpi2-hpc >= 2.6.0-bp153.2.3.1
tensorflow2 >= 2.6.0-bp153.2.3.1
tensorflow2-devel >= 2.6.0-bp153.2.3.1
tensorflow2-doc >= 2.6.0-bp153.2.3.1
tensorflow2-gnu-hpc >= 2.6.0-bp153.2.3.1
tensorflow2-gnu-openmpi2-hpc >= 2.6.0-bp153.2.3.1
tensorflow2-lite >= 2.6.0-bp153.2.3.1
tensorflow2-lite-devel >= 2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc >= 2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-devel >= 2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-doc >= 2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc >= 2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-devel >= 2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-doc >= 2.6.0-bp153.2.3.1
| Patchnames: openSUSE-2022-10014 |
openSUSE Leap 15.3 | bazel-skylib1.0.3-source >= 1.0.3-bp153.2.1
bazel3.7 >= 3.7.2-bp153.4.1
libiomp5 >= 2.6.0-bp153.2.3.1
libiomp5-gnu-hpc >= 2.6.0-bp153.2.3.1
libiomp5-gnu-openmpi2-hpc >= 2.6.0-bp153.2.3.1
libtensorflow2 >= 2.6.0-bp153.2.3.1
libtensorflow2-gnu-hpc >= 2.6.0-bp153.2.3.1
libtensorflow2-gnu-openmpi2-hpc >= 2.6.0-bp153.2.3.1
libtensorflow_cc2 >= 2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-hpc >= 2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-openmpi2-hpc >= 2.6.0-bp153.2.3.1
libtensorflow_framework2 >= 2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-hpc >= 2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-openmpi2-hpc >= 2.6.0-bp153.2.3.1
tensorflow2 >= 2.6.0-bp153.2.3.1
tensorflow2-devel >= 2.6.0-bp153.2.3.1
tensorflow2-doc >= 2.6.0-bp153.2.3.1
tensorflow2-gnu-hpc >= 2.6.0-bp153.2.3.1
tensorflow2-gnu-openmpi2-hpc >= 2.6.0-bp153.2.3.1
tensorflow2-lite >= 2.6.0-bp153.2.3.1
tensorflow2-lite-devel >= 2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc >= 2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-devel >= 2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-doc >= 2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc >= 2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-devel >= 2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-doc >= 2.6.0-bp153.2.3.1
| Patchnames: openSUSE-2022-10014 |
openSUSE Tumbleweed | tensorflow-lite >= 2.9.1-1.1
tensorflow-lite-devel >= 2.9.1-1.1
| Patchnames: openSUSE Tumbleweed GA tensorflow-lite-2.9.1-1.1 |