Null pointer exception when `Exit` node is not preceded by `Enter` op
Description
TensorFlow is an open source platform for machine learning. In affected versions, the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an `Enter` node) always exists when encountering the second node (e.g., an `Exit` node). When this is not the case, `parent` is `nullptr`, so dereferencing it causes a crash. The fix will be included in TensorFlow 2.7.0. We will also cherry-pick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
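The frame bookkeeping described above, reduced to a toy model as an added example (not TensorFlow's code and not part of the advisory). `Node`, `Graph`, `BuildFrames`, `Paired` and `Unpaired` are hypothetical names, and the model assumes node ids equal vector indices with node 0 as the only root.

```cpp
#include <deque>
#include <string>
#include <vector>

enum class Op { kOther, kEnter, kExit };
struct Node { int id; Op op; std::string frame; std::vector<int> outs; };
using Graph = std::vector<Node>;  // assumption: g[i].id == i, g[0] is the only root

// Toy model of the frame walk (not TensorFlow code). Returns "" on success or
// an error message when an Exit node has no enclosing Enter.
std::string BuildFrames(const Graph& g, std::vector<std::string>* frame_names) {
  std::vector<const Node*> parent_nodes(g.size(), nullptr);
  std::vector<bool> visited(g.size(), false);
  frame_names->assign(g.size(), "");
  std::deque<const Node*> ready;
  if (!g.empty()) { ready.push_back(&g[0]); visited[0] = true; }
  while (!ready.empty()) {
    const Node* curr = ready.front();
    ready.pop_front();
    const Node* parent = parent_nodes[curr->id];  // default: stay in curr's frame
    std::string frame = (*frame_names)[curr->id];
    if (curr->op == Op::kEnter) {  // successors run inside a new frame
      frame = curr->frame;
      parent = curr;
    } else if (curr->op == Op::kExit) {  // successors return to the outer frame
      if (!parent)  // same condition the patch tests before dereferencing
        return "Invalid Exit op: Cannot find a corresponding Enter op.";
      frame = (*frame_names)[parent->id];
      parent = parent_nodes[parent->id];
    }
    for (int out : curr->outs) {
      if (visited[out]) continue;
      visited[out] = true;
      (*frame_names)[out] = frame;
      parent_nodes[out] = parent;
      ready.push_back(&g[out]);
    }
  }
  return "";
}

// Constructed inputs: Paired is source -> Enter("loop") -> body -> Exit -> sink;
// Unpaired is source -> Exit -> sink (an Exit with no preceding Enter).
Graph Paired() {
  return {{0, Op::kOther, "", {1}}, {1, Op::kEnter, "loop", {2}},
          {2, Op::kOther, "", {3}}, {3, Op::kExit, "", {4}}, {4, Op::kOther, "", {}}};
}
Graph Unpaired() { return {{0, Op::kOther, "", {1}}, {1, Op::kExit, "", {2}}, {2, Op::kOther, "", {}}}; }

int main() { std::vector<std::string> f; return BuildFrames(Unpaired(), &f).empty(); }
```

Without the `if (!parent)` test, the `Unpaired` input reaches `parent->id` with a null `parent`, which is the crash the advisory describes; with it, the walk stops with an error the caller can handle.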
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | >= 2.6.0, < 2.6.1 | 2.6.1 |
| tensorflow (PyPI) | >= 2.5.0, < 2.5.2 | 2.5.2 |
| tensorflow (PyPI) | < 2.4.4 | 2.4.4 |
| tensorflow-cpu (PyPI) | >= 2.6.0, < 2.6.1 | 2.6.1 |
| tensorflow-cpu (PyPI) | >= 2.5.0, < 2.5.2 | 2.5.2 |
| tensorflow-cpu (PyPI) | < 2.4.4 | 2.4.4 |
| tensorflow-gpu (PyPI) | >= 2.6.0, < 2.6.1 | 2.6.1 |
| tensorflow-gpu (PyPI) | >= 2.5.0, < 2.5.2 | 2.5.2 |
| tensorflow-gpu (PyPI) | < 2.4.4 | 2.4.4 |
Affected products
- Range: >= 2.6.0, < 2.6.1
Patches
- 05cbebd3c6bb: Fix a NPE issue in invalid Exit op. Now it will report an error instead of crash.
1 file changed · +4 −0
tensorflow/core/common_runtime/immutable_executor_state.cc+4 −0 modified@@ -316,6 +316,10 @@ Status ImmutableExecutorState::BuildControlFlowInfo(const Graph* g, } else if (IsExit(curr_node)) { // Exit to the parent frame. parent = parent_nodes[curr_id]; + if (!parent) { + return errors::InvalidArgument( + "Invalid Exit op: Cannot find a corresponding Enter op."); + } frame_name = cf_info->frame_names[parent->id()]; parent = parent_nodes[parent->id()]; } else {
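Review bot: the new `if (!parent)` branch in `BuildControlFlowInfo` returns a fixed message that does not say which node is at fault; including the Exit node's name (for example `curr_node->name()`) in the `InvalidArgument` text would let whoever receives the error find the bad op in a large graph. The change also touches only `immutable_executor_state.cc` and adds four lines, so nothing visible here exercises the new error path; a regression test that feeds a graph with an Exit and no Enter and expects `InvalidArgument` would keep the check from being lost in a later refactor.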
References
- github.com/advisories/GHSA-5crj-c72x-m7gq [ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2021-41217 [ADVISORY]
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-626.yaml [WEB]
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-824.yaml [WEB]
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-409.yaml [WEB]
- github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff [WEB]
- github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq [WEB]