CVE-2021-29549
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L289-L295) computes a modulo operation without validating that the divisor is not zero. Since vector_num_elements is determined based on input shapes(https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L522-L544), a user can trigger scenarios where this quantity is 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| tensorflow | tensorflow | < 2.1.4 | affected |
| tensorflow | tensorflow | >= 2.2.0, < 2.2.3 | affected |
| tensorflow | tensorflow | >= 2.3.0, < 2.3.3 | affected |
| tensorflow | tensorflow | >= 2.4.0, < 2.4.2 | affected |
Weaknesses
- CWE-369: CWE-369: Divide By Zero
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x83m-p7pv-ch8v
- https://github.com/tensorflow/tensorflow/commit/744009c9e5cc5d0447f0dc39d055f917e1fd9e16
References
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x83m-p7pv-ch8v
- https://github.com/tensorflow/tensorflow/commit/744009c9e5cc5d0447f0dc39d055f917e1fd9e16
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.