Vulnerability Details : CVE-2021-41203

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats. The fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

Vulnerability category: Overflow

Published 2021-11-05 21:15:09

Updated 2022-10-20 21:36:58

Source GitHub, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-41203

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 12 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-41203

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	nvd@nist.gov
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	nvd@nist.gov
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	security-advisories@github.com
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-41203

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Assigned by: nvd@nist.gov (Primary)
CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Assigned by: security-advisories@github.com (Secondary)

References for CVE-2021-41203

https://github.com/tensorflow/tensorflow/commit/b619c6f865715ca3b15ef1842b5b95edbaa710ad

Use BuildTensorShapeBase when parsing unverified TensorShapes during … · tensorflow/tensorflow@b619c6f · GitHub
Patch;Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/368af875869a204b4ac552b9ddda59f6a46a56ec

Avoid buffer overflow when loading tensors with insufficient data fro… · tensorflow/tensorflow@368af87 · GitHub
Patch;Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2

Missing validation during checkpoint loading · Advisory · tensorflow/tensorflow · GitHub
Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/abcced051cb1bd8fb05046ac3b6023a7ebcc4578

Prevent crashes when loading tensor slices with unsupported types. · tensorflow/tensorflow@abcced0 · GitHub
Patch;Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/e8dc63704c88007ee4713076605c90188d66f3d2

Add BuildTensorSlice for building from unvalidated TensorSliceProtos. · tensorflow/tensorflow@e8dc637 · GitHub
Patch;Third Party Advisory

Products affected by CVE-2021-41203

Google » Tensorflow
Versions from including (>=) 2.5.0 and before (<) 2.5.2
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow
Versions before (<) 2.4.4
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow
Versions from including (>=) 2.6.0 and before (<) 2.6.1
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions