CVE-2021-29521
Description
TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.raw_ops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/8f7b60ee8c0206a2c99802e3a4d1bb55d2bc0624/tensorflow/core/kernels/count_ops.cc#L199-L213) assumes the first element of the dense shape is always positive and uses it to initialize a BatchedMap (i.e., std::vector<absl::flat_hash_map<int64,T>>(https://github.com/tensorflow/tensorflow/blob/8f7b60ee8c0206a2c99802e3a4d1bb55d2bc0624/tensorflow/core/kernels/count_ops.cc#L27)) data structure. If the shape tensor has more than one element, num_batches is the first value in shape. Ensuring that the dense_shape argument is a valid tensor shape (that is, all elements are non-negative) solves this issue. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | >= 2.3.0, < 2.3.3 | 2.3.3 |
tensorflowPyPI | >= 2.4.0, < 2.4.2 | 2.4.2 |
tensorflow-cpuPyPI | >= 2.3.0, < 2.3.3 | 2.3.3 |
tensorflow-cpuPyPI | >= 2.4.0, < 2.4.2 | 2.4.2 |
tensorflow-gpuPyPI | >= 2.3.0, < 2.3.3 | 2.3.3 |
tensorflow-gpuPyPI | >= 2.4.0, < 2.4.2 | 2.4.2 |
Affected products
5- osv-coords4 versions
>= 2.3.0, < 2.3.3+ 3 more
- (no CPE)range: >= 2.3.0, < 2.3.3
- (no CPE)range: >= 2.3.0, < 2.3.3
- (no CPE)range: >= 2.3.0, < 2.3.3
- (no CPE)range: >= 2.3.0, < 2.3.3
- Range: < 2.3.3
Patches
Vulnerability mechanics
References
7- github.com/tensorflow/tensorflow/commit/c57c0b9f3a4f8684f3489dd9a9ec627ad8b599f5nvdPatchThird Party AdvisoryWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-hr84-fqvp-48mmnvdExploitPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-hr84-fqvp-48mmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-29521ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-449.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-647.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-158.yamlghsaWEB
News mentions
0No linked articles in our index yet.