CVE-2021-29519 : TensorFlow is an end-to-end open source platform for machine learning. The API o

TensorFlow is an end-to-end open source platform for machine learning. The API of `tf.raw_ops.SparseCross` allows combinations which would result in a `CHECK`-failure and denial of service. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/3d782b7d47b1bf2ed32bd4a246d6d6cadc4c903d/tensorflow/core/kernels/sparse_cross_op.cc#L114-L116) is tricked to consider a tensor of type `tstring` which in fact contains integral elements. Fixing the type confusion by preventing mixing `DT_STRING` and `DT_INT64` types solves this issue. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Published 2021-05-14 20:15:11

Updated 2021-05-20 17:24:07

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2021-29519

Google » Tensorflow
Versions from including (>=) 2.3.0 and before (<) 2.3.3
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow
Versions before (<) 2.1.4
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow
Versions from including (>=) 2.2.0 and before (<) 2.2.3
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions
Google » Tensorflow
Versions from including (>=) 2.4.0 and before (<) 2.4.2
cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-29519

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 1 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-29519

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
2.5	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L	1.0	1.4	GitHub, Inc.
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

CWE ids for CVE-2021-29519

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Assigned by: security-advisories@github.com (Primary)

References for CVE-2021-29519

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-772j-h9xw-ffp5

`CHECK`-fail in `SparseCross` due to type confusion · Advisory · tensorflow/tensorflow · GitHub
Exploit;Patch;Third Party Advisory
https://github.com/tensorflow/tensorflow/commit/b1cc5e5a50e7cee09f2c6eb48eb40ee9c4125025

Fix `tf.raw_ops.SparseCross` failing CHECK. · tensorflow/tensorflow@b1cc5e5 · GitHub
Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2021-29519

Products affected by CVE-2021-29519

Exploit prediction scoring system (EPSS) score for CVE-2021-29519

CVSS scores for CVE-2021-29519

CWE ids for CVE-2021-29519

References for CVE-2021-29519