Moderate severityNVD Advisory· Published May 14, 2021· Updated Aug 3, 2024

Incomplete validation in `SparseSparseMinimum`

CVE-2021-29607

Description

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside of bounds of heap allocated data. The implementation(https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/sparse_sparse_binary_op_shared.cc) has a large set of validation for the two sparse tensor inputs (6 tensors in total), but does not validate that the tensors are not empty or that the second dimension of *_indices matches the size of corresponding *_shape. This allows attackers to send tensor triples that represent invalid sparse tensors to abuse code assumptions that are not protected by validation. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
tensorflowPyPI	< 2.1.4	2.1.4
tensorflowPyPI	>= 2.2.0, < 2.2.3	2.2.3
tensorflowPyPI	>= 2.3.0, < 2.3.3	2.3.3
tensorflowPyPI	>= 2.4.0, < 2.4.2	2.4.2
tensorflow-cpuPyPI	< 2.1.4	2.1.4
tensorflow-cpuPyPI	>= 2.2.0, < 2.2.3	2.2.3
tensorflow-cpuPyPI	>= 2.3.0, < 2.3.3	2.3.3
tensorflow-cpuPyPI	>= 2.4.0, < 2.4.2	2.4.2
tensorflow-gpuPyPI	< 2.1.4	2.1.4
tensorflow-gpuPyPI	>= 2.2.0, < 2.2.3	2.2.3
tensorflow-gpuPyPI	>= 2.3.0, < 2.3.3	2.3.3
tensorflow-gpuPyPI	>= 2.4.0, < 2.4.2	2.4.2

Affected products

Tensorflow/Tensorflowv5
Range: < 2.1.4

Patches

f6fde895ef9c

Validate that a and b are proper sparse tensors

https://github.com/tensorflow/tensorflowMihai MaruseacMay 12, 2021via ghsa

commit

1 file changed · +9 −6

tensorflow/core/kernels/sparse_sparse_binary_op_shared.cc+9 −6 modified

@@ -150,6 +150,7 @@ class SparseSparseBinaryOpShared : public OpKernel {
 
     const int64 a_nnz = a_indices_t->dim_size(0);
     const int64 b_nnz = b_indices_t->dim_size(0);
+
     const auto a_values = a_values_t->vec<T>();
     const auto b_values = b_values_t->vec<T>();
 
@@ -166,6 +167,14 @@ class SparseSparseBinaryOpShared : public OpKernel {
                     "Input shapes should be a vector but received shapes ",
                     a_shape_t->shape().DebugString(), " and ",
                     b_shape_t->shape().DebugString()));
+    const int num_dims = a_indices_t->dim_size(1);
+    OP_REQUIRES(
+        ctx, a_shape_t->NumElements() == num_dims,
+        errors::InvalidArgument("Second dimension of a_indices and length of "
+                                "a_shape must match, got ",
+                                num_dims, " and ", a_shape_t->NumElements()));
+    OP_REQUIRES(ctx, num_dims > 0,
+                errors::InvalidArgument("Tensors must not be empty"));
     OP_REQUIRES(ctx, a_shape_t->IsSameSize(*b_shape_t),
                 errors::InvalidArgument(
                     "Operands do not have the same ranks; got shapes: ",
@@ -180,12 +189,6 @@ class SparseSparseBinaryOpShared : public OpKernel {
                                           " for dimension ", i));
     }
 
-    OP_REQUIRES(
-        ctx, a_indices_t->dim_size(1) == b_indices_t->dim_size(1),
-        errors::InvalidArgument(
-            "Indices' dimensions do not match: got ", a_indices_t->dim_size(1),
-            " and ", b_indices_t->dim_size(1), " for the second dimension."));
-    const int num_dims = a_indices_t->dim_size(1);
     const auto a_indices_mat = a_indices_t->matrix<int64>();
     const auto b_indices_mat = b_indices_t->matrix<int64>();
     std::vector<T> a_augmented_values, b_augmented_values;

ba6822bd7b73

Fix OOB issue with `tf.raw_ops.SparseSparseMinimum`.

https://github.com/tensorflow/tensorflowAmit PatankarApr 28, 2021via ghsa

commit

1 file changed · +5 −0

tensorflow/core/kernels/sparse_sparse_binary_op_shared.cc+5 −0 modified

@@ -180,6 +180,11 @@ class SparseSparseBinaryOpShared : public OpKernel {
                                           " for dimension ", i));
     }
 
+    OP_REQUIRES(
+        ctx, a_indices_t->dim_size(1) == b_indices_t->dim_size(1),
+        errors::InvalidArgument(
+            "Indices' dimensions do not match: got ", a_indices_t->dim_size(1),
+            " and ", b_indices_t->dim_size(1), " for the second dimension."));
     const int num_dims = a_indices_t->dim_size(1);
     const auto a_indices_mat = a_indices_t->matrix<int64>();
     const auto b_indices_mat = b_indices_t->matrix<int64>();

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-gv26-jpj9-c8gqghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-29607ghsaADVISORY
github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-535.yamlghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-733.yamlghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-244.yamlghsaWEB
github.com/tensorflow/tensorflow/commit/ba6822bd7b7324ba201a28b2f278c29a98edbef2ghsax_refsource_MISCWEB
github.com/tensorflow/tensorflow/commit/f6fde895ef9c77d848061c0517f19d0ec2682f3aghsax_refsource_MISCWEB
github.com/tensorflow/tensorflow/security/advisories/GHSA-gv26-jpj9-c8gqghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000