CHECK-fail in `QuantizeAndDequantizeV4Grad`
Description
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.QuantizeAndDequantizeV4Grad. This is because the implementation does not validate the rank of the input_* tensors. In turn, this results in the tensors being passed as they are to QuantizeAndDequantizePerChannelGradientImpl. However, the vec<T> method requires the tensor to have rank 1 and triggers a CHECK failure otherwise, aborting the process. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 as this is the only other affected version.
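The class of bug above is a missing shape pre-check before a kernel calls an accessor that hard-crashes on the wrong rank. The following is an added, stand-alone C++ illustration of the defensive check the fix introduces, written for this page and not TensorFlow's own code; the Shape alias, CheckResult type and both function names are hypothetical stand-ins for TensorShape and OP_REQUIRES, and the per-channel branch is slightly stricter than the patch (it insists on rank 1 rather than relying on dim_size(0)).

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical stand-in for a tensor shape: one extent per dimension.
using Shape = std::vector<int64_t>;

// Outcome of the pre-flight check. Mirrors the OP_REQUIRES idea: report an
// InvalidArgument to the caller instead of letting a CHECK abort the process.
struct CheckResult {
  bool ok;
  std::string message;
};

// Computes `depth` the way the op does: 1 when quantizing per-tensor
// (axis == -1), otherwise the input's extent along the chosen axis.
int64_t DepthForAxis(const Shape& input, int axis) {
  return axis == -1 ? 1 : input[static_cast<size_t>(axis)];
}

// Validates an input_min / input_max tensor before it reaches code that calls
// vec<T>(). Accepted: a scalar (rank 0) or a vector (rank 1), as in the fix.
// In per-channel mode (axis != -1) the vector must hold exactly one value per
// channel, i.e. its length must equal `depth`. Anything of rank 2 or higher,
// which previously reached vec<T>() and CHECK-failed, is rejected here.
CheckResult CheckMinMaxShape(const Shape& shape, const std::string& name,
                             int axis, int64_t depth) {
  const size_t rank = shape.size();
  if (rank != 0 && rank != 1) {
    return {false, name + " must be a scalar or a vector. Received rank " +
                       std::to_string(rank) + "."};
  }
  if (axis != -1) {
    // Per-channel quantization: a scalar cannot carry one value per channel.
    if (rank != 1 || shape[0] != depth) {
      return {false, name + " must have " + std::to_string(depth) +
                         " elements for axis " + std::to_string(axis) + "."};
    }
  }
  return {true, ""};
}
```

Run the check on both min and max tensors (and the gradient/input size check that precedes it) before any Eigen accessor is touched; every failure path then returns a status the caller can handle rather than a CHECK abort.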
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | >= 2.4.0, < 2.4.2 | 2.4.2 |
| tensorflow-cpu (PyPI) | >= 2.4.0, < 2.4.2 | 2.4.2 |
| tensorflow-gpu (PyPI) | >= 2.4.0, < 2.4.2 | 2.4.2 |
Affected products
- Range: >= 2.4.0, < 2.4.2
Patches
20431e9044cf Fix `tf.raw_ops.QuantizeAndDequantizeV4Grad` CHECK failure.
1 file changed · +10 −0
tensorflow/core/kernels/quantize_and_dequantize_op.cc+10 −0 modified@@ -160,7 +160,17 @@ class QuantizeAndDequantizeV4GradientOp : public OpKernel { errors::InvalidArgument("gradient and input must be the same size")); const int depth = (axis_ == -1) ? 1 : input.dim_size(axis_); const Tensor& input_min_tensor = ctx->input(2); + OP_REQUIRES(ctx, + input_min_tensor.dims() == 0 || input_min_tensor.dims() == 1, + errors::InvalidArgument( + "Input min tensor must have dimension 1. Recieved ", + input_min_tensor.dims(), ".")); const Tensor& input_max_tensor = ctx->input(3); + OP_REQUIRES(ctx, + input_max_tensor.dims() == 0 || input_max_tensor.dims() == 1, + errors::InvalidArgument( + "Input max tensor must have dimension 1. Recieved ", + input_max_tensor.dims(), ".")); if (axis_ != -1) { OP_REQUIRES( ctx, input_min_tensor.dim_size(0) == depth,
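Review bot: the two new OP_REQUIRES messages do not match the condition they guard: the check accepts `input_min_tensor.dims() == 0 || input_min_tensor.dims() == 1`, yet the message says the tensor "must have dimension 1", which will mislead a caller who passed a rank-2 tensor into thinking a scalar is also invalid; suggest "must be a scalar or have rank 1. Received " for both the min and max messages, and fix the typo "Recieved" -> "Received" in each. Also note that with rank 0 now explicitly allowed, the existing `if (axis_ != -1)` branch still goes on to evaluate `input_min_tensor.dim_size(0) == depth` on a scalar; consider requiring `dims() == 1` in the per-channel branch so that case is rejected with a clear InvalidArgument rather than relying on dim_size(0) behaviour.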
References
- github.com/advisories/GHSA-6g85-3hm8-83f9 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-29544 (advisory)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-472.yaml (web)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-670.yaml (web)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-181.yaml (web)
- github.com/tensorflow/tensorflow/blob/95078c145b5a7a43ee046144005f733092756ab5/tensorflow/core/kernels/quantize_and_dequantize_op.cc (web)
- github.com/tensorflow/tensorflow/blob/95078c145b5a7a43ee046144005f733092756ab5/tensorflow/core/kernels/quantize_and_dequantize_op.h (web)
- github.com/tensorflow/tensorflow/commit/20431e9044cf2ad3c0323c34888b192f3289af6b (web)
- github.com/tensorflow/tensorflow/security/advisories/GHSA-6g85-3hm8-83f9 (confirm)