Vulnerability Details : CVE-2021-41206
TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or `CHECK`-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. We have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don't have reproducers and there will be multiple fixes for these issues. These fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
Exploit prediction scoring system (EPSS) score for CVE-2021-41206
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 12 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2021-41206
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
nvd@nist.gov |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
nvd@nist.gov |
|
7.0
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
security-advisories@github.com |
CWE ids for CVE-2021-41206
-
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.Assigned by: security-advisories@github.com (Primary)
References for CVE-2021-41206
-
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69
Incomplete validation of shapes in multiple TF ops · Advisory · tensorflow/tensorflow · GitHubThird Party Advisory
-
https://github.com/tensorflow/tensorflow/commit/da4aad5946be30e5f049920fa076e1f7ef021261
Roll forward https://github.com/tensorflow/tensorflow/commit/ab0ca4bb… · tensorflow/tensorflow@da4aad5 · GitHubPatch;Third Party Advisory
-
https://github.com/tensorflow/tensorflow/commit/68422b215e618df5ad375bcdc6d2052e9fd3080a
Add shape checks to GPU TridiagonalMatMul. · tensorflow/tensorflow@68422b2 · GitHubPatch;Third Party Advisory
-
https://github.com/tensorflow/tensorflow/commit/4dddb2fd0b01cdd196101afbba6518658a2c9e07
Fix segfault in pools on empty shapes when certain dimension were ver… · tensorflow/tensorflow@4dddb2f · GitHubPatch;Third Party Advisory
-
https://github.com/tensorflow/tensorflow/commit/e7f497570abb6b4ae5af4970620cd880e4c0c904
Fix segfault on OOM in Conv2D. · tensorflow/tensorflow@e7f4975 · GitHubPatch;Third Party Advisory
-
https://github.com/tensorflow/tensorflow/commit/579261dcd446385831fe4f7457d802a59685121d
Fix crash in MatrixSolve when inputs have different batch dimensions. · tensorflow/tensorflow@579261d · GitHubPatch;Third Party Advisory
-
https://github.com/tensorflow/tensorflow/commit/4d74d8a00b07441cba090a02e0dd9ed385145bf4
Fix crash in softmax-xent when some input dimensions are 1. · tensorflow/tensorflow@4d74d8a · GitHubPatch;Third Party Advisory
Products affected by CVE-2021-41206
- cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*