CVE-2021-29544 : TensorFlow is an end-to-end open source platform for machine learning. An attack

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.QuantizeAndDequantizeV4Grad`. This is because the implementation does not validate the rank of the `input_*` tensors. In turn, this results in the tensors being passes as they are to `QuantizeAndDequantizePerChannelGradientImpl`. However, the `vec<T>` method, requires the rank to 1 and triggers a `CHECK` failure otherwise. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 as this is the only other affected version.

Published 2021-05-14 20:15:13

Updated 2024-10-31 21:15:15

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2021-29544

Google » Tensorflow
Versions from including (>=) 2.4.0 and before (<) 2.4.2
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-29544

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 14 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-29544

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
2.5	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L	1.0	1.4	GitHub, Inc.
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

CWE ids for CVE-2021-29544

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Assigned by: security-advisories@github.com (Primary)

References for CVE-2021-29544

https://github.com/tensorflow/tensorflow/blob/95078c145b5a7a43ee046144005f733092756ab5/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L162-L163

tensorflow/tensorflow/core/kernels/quantize_and_dequantize_op.cc at 95078c145b5a7a43ee046144005f733092756ab5 · tensorflow/tensorflow · GitHub
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6g85-3hm8-83f9

`CHECK`-fail in `QuantizeAndDequantizeV4Grad` · Advisory · tensorflow/tensorflow · GitHub
Exploit;Patch;Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/20431e9044cf2ad3c0323c34888b192f3289af6b

Fix `tf.raw_ops.QuantizeAndDequantizeV4Grad` CHECK failure. · tensorflow/tensorflow@20431e9 · GitHub
Patch;Third Party Advisory
https://github.com/tensorflow/tensorflow/blob/95078c145b5a7a43ee046144005f733092756ab5/tensorflow/core/kernels/quantize_and_dequantize_op.h#L295-L306

tensorflow/tensorflow/core/kernels/quantize_and_dequantize_op.h at 95078c145b5a7a43ee046144005f733092756ab5 · tensorflow/tensorflow · GitHub

Jump to

Vulnerability Details : CVE-2021-29544

Products affected by CVE-2021-29544

Exploit prediction scoring system (EPSS) score for CVE-2021-29544

CVSS scores for CVE-2021-29544

CWE ids for CVE-2021-29544

References for CVE-2021-29544