Vulnerability Details : CVE-2021-29557
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.SparseMatMul`. The division by 0 occurs deep in Eigen code because the `b` tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2021-29557
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 11 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2021-29557
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
nvd@nist.gov |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
nvd@nist.gov |
|
2.5
|
LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
1.0
|
1.4
|
security-advisories@github.com |
CWE ids for CVE-2021-29557
-
The product divides a value by zero.Assigned by: security-advisories@github.com (Primary)
References for CVE-2021-29557
-
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xw93-v57j-fcgh
Division by 0 in `SparseMatMul` · Advisory · tensorflow/tensorflow · GitHubExploit;Patch;Third Party Advisory
-
https://github.com/tensorflow/tensorflow/commit/7f283ff806b2031f407db64c4d3edcda8fb9f9f5
Fix FPE issue in external Eigen source code issue with `tf.raw_ops.Sp… · tensorflow/tensorflow@7f283ff · GitHubPatch;Third Party Advisory
Products affected by CVE-2021-29557
- cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*