CVE-2021-29544
Description
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.QuantizeAndDequantizeV4Grad`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/95078c145b5a7a43ee046144005f733092756ab5/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L162-L163) does not validate the rank of the `input_*` tensors. In turn, this results in the tensors being passes as they are to `QuantizeAndDequantizePerChannelGradientImpl`(https://github.com/tensorflow/tensorflow/blob/95078c145b5a7a43ee046144005f733092756ab5/tensorflow/core/kernels/quantize_and_dequantize_op.h#L295-L306). However, the `vec<T>` method, requires the rank to 1 and triggers a `CHECK` failure otherwise. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 as this is the only other affected version.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2021-29544
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | fixed | 2.5.0-1 | |
| debian | forky | fixed | 0 |
| debian | sid | fixed | 0 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | tensorflow | >=2.4.0,<2.4.2 | 2.4.2 |
| PyPI | tensorflow-cpu | >=2.4.0,<2.4.2 | 2.4.2 |
| PyPI | tensorflow-gpu | >=2.4.0,<2.4.2 | 2.4.2 |
| PyPI | tensorflow | <20431e9044cf2ad3c0323c34888b192f3289af6b||>=2.4.0,<2.4.3 | 20431e9044cf2ad3c0323c34888b192f3289af6b |
| PyPI | tensorflow-cpu | <20431e9044cf2ad3c0323c34888b192f3289af6b||>=2.4.0,<2.4.3 | 20431e9044cf2ad3c0323c34888b192f3289af6b |
| PyPI | tensorflow-gpu | <20431e9044cf2ad3c0323c34888b192f3289af6b||>=2.4.0,<2.4.3 | 20431e9044cf2ad3c0323c34888b192f3289af6b |
References
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6g85-3hm8-83f9
- https://nvd.nist.gov/vuln/detail/CVE-2021-29544
- https://github.com/tensorflow/tensorflow/commit/20431e9044cf2ad3c0323c34888b192f3289af6b
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-472.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-670.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-181.yaml
- https://github.com/tensorflow/tensorflow
- https://github.com/tensorflow/tensorflow/blob/95078c145b5a7a43ee046144005f733092756ab5/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L162-L163
- https://github.com/tensorflow/tensorflow/blob/95078c145b5a7a43ee046144005f733092756ab5/tensorflow/core/kernels/quantize_and_dequantize_op.h#L295-L306
- https://security-tracker.debian.org/tracker/CVE-2021-29544
Verify integrity in audit chain (admin only). AS-IS.