CVE-2021-29518: 
Python vulnerability analysis and mitigation

TensorFlow, an end-to-end open source platform for machine learning, was found to contain a vulnerability (CVE-2021-29518) discovered in May 2021. In eager mode (default in TensorFlow 2.0 and later), session operations are invalid, but users could still call the raw ops associated with them, potentially triggering a null pointer dereference. This vulnerability affects versions prior to 2.5.0 and was reported by members of the Aivul Team from Qihoo 360 (GitHub Advisory).

The vulnerability stems from the implementation in the session operations code where it dereferences the session state pointer without validating if it is valid. Specifically, in eager mode, ctx->session_state() is nullptr, and calling the member function results in undefined behavior. The issue was found in the implementation at tensorflow/core/kernels/session_ops.cc (TensorFlow Commit). The vulnerability has been assigned a CVSS v3.1 base score of 7.8 HIGH by NVD, though GitHub's assessment rates it as LOW with a CVSS score of 2.5 (NVD).

When exploited, this vulnerability can lead to a null pointer dereference, potentially causing program crashes and denial of service conditions. The vulnerability can be triggered by calling raw ops such as tf.raw_ops.GetSessionTensor or tf.raw_ops.DeleteSessionTensor in eager mode (GitHub Advisory).

The vulnerability has been patched in TensorFlow 2.5.0. Additionally, the fix has been backported to TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4. Users are advised to upgrade to these patched versions. The fix involves adding proper validation of the session state pointer before dereferencing it (GitHub Advisory).