CVE-2021-29551:
TensorFlow, an open-source machine learning platform, was found to contain a vulnerability in its implementation of MatrixTriangularSolve. The vulnerability (CVE-2021-29551) was disclosed in May 2021 and affects TensorFlow versions prior to 2.5.0. The issue occurs because the function does not stop kernel execution when a validation condition fails, which can lead to a heap out-of-bounds read (GitHub Advisory).
The vulnerability stems from the MatrixTriangularSolve implementation, where the OP_REQUIRES validation check only sets the context status to non-OK and returns from the validation routine; it does not terminate the kernel's execution. Execution therefore continues with invalid data, leading to a potential heap out-of-bounds read. The issue has a CVSS v3.1 base score of 5.5 (MEDIUM) according to NVD, with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).
When triggered, this vulnerability can cause a heap out-of-bounds read while processing empty tensors. The issue occurs specifically when both input tensors are empty: the dimension validation fails, but execution continues and initializes data from the invalid inputs (GitHub Advisory).
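The following is an added illustration of the bug pattern described above, not code from TensorFlow or the fix commit. It uses a small mock of `OpKernelContext` and an `OP_REQUIRES` macro with the same semantics as TensorFlow's (record a non-OK status, then `return` from the enclosing function only), so the validation helper's early return does not stop the caller; `ValidateInputTensors`, `ComputeUnchecked` and `ComputeChecked` are names chosen for this example, and the "fixed" variant assumes the upstream fix's shape of checking the context status after validation.

```cpp
#include <string>
#include <vector>

// Minimal stand-in for TensorFlow's OpKernelContext: only status tracking
// is modelled (constructed for this example, not the real class).
struct Status {
    bool ok_ = true;
    std::string msg;
    bool ok() const { return ok_; }
};
struct OpKernelContext {
    Status status_;
    void SetStatus(const Status& s) { status_ = s; }
    const Status& status() const { return status_; }
};

// Same contract as TensorFlow's OP_REQUIRES: on a failed condition it
// records a non-OK status and returns from the *enclosing function only*.
#define OP_REQUIRES(CTX, COND, MSG)               \
    do {                                          \
        if (!(COND)) {                            \
            (CTX)->SetStatus(Status{false, MSG}); \
            return;                               \
        }                                         \
    } while (0)

using Tensor = std::vector<double>;  // stand-in: "shape" is just the length

// Validation helper: the OP_REQUIRES returns only leave this function.
static void ValidateInputTensors(OpKernelContext* ctx,
                                 const Tensor& a, const Tensor& b) {
    OP_REQUIRES(ctx, !a.empty(), "first input must not be empty");
    OP_REQUIRES(ctx, !b.empty(), "second input must not be empty");
}

// Vulnerable pattern: the helper sets a non-OK status, but Compute keeps
// going and would read a[0]/b[0] from empty buffers (heap OOB read).
// Returns true when the kernel would have proceeded to touch the data.
bool ComputeUnchecked(OpKernelContext* ctx, const Tensor& a, const Tensor& b) {
    ValidateInputTensors(ctx, a, b);
    return true;  // no status check: reaches the data path regardless
}

// Fixed pattern: stop as soon as the context status is non-OK.
bool ComputeChecked(OpKernelContext* ctx, const Tensor& a, const Tensor& b) {
    ValidateInputTensors(ctx, a, b);
    if (!ctx->status().ok()) return false;  // kernel terminates here
    return true;
}
```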
The vulnerability has been patched in TensorFlow 2.5.0, and the fix has been backported to TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4. Users are advised to upgrade to one of these patched versions. The fix was made in GitHub commit 480641e3599775a8895254ffbc0fc45621334f68 (GitHub Commit).