VYPR
← All advisories
Moderate severityNVD Advisory· Published Nov 5, 2021· Updated Aug 4, 2024

Crash in `tf.math.segment_*` operations

CVE-2021-41195

Description

TensorFlow is an open source platform for machine learning. In affected versions the implementation of tf.math.segment_* operations results in a CHECK-fail related abort (and denial of service) if a segment id in segment_ids is large. This is similar to CVE-2021-29584 (and similar other reported vulnerabilities in TensorFlow, localized to specific APIs): the implementation (both on CPU and GPU) computes the output shape using AddDim. However, if the number of elements in the tensor overflows an int64_t value, AddDim results in a CHECK failure which provokes a std::abort. Instead, code should use AddDimWithStatus. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
tensorflowPyPI
>= 2.6.0, < 2.6.12.6.1
tensorflowPyPI
>= 2.5.0, < 2.5.22.5.2
tensorflowPyPI
< 2.4.42.4.4
tensorflow-cpuPyPI
>= 2.6.0, < 2.6.12.6.1
tensorflow-cpuPyPI
>= 2.5.0, < 2.5.22.5.2
tensorflow-cpuPyPI
< 2.4.42.4.4
tensorflow-gpuPyPI
>= 2.6.0, < 2.6.12.6.1
tensorflow-gpuPyPI
>= 2.5.0, < 2.5.22.5.2
tensorflow-gpuPyPI
< 2.4.42.4.4

Affected products

1

Patches

1
e9c81c1e1a9c

Merge pull request #51733 from yongtang:46888-tf.math.segment_

https://github.com/tensorflow/tensorflowTensorFlower GardenerOct 28, 2021via ghsa
commit
2 files changed · +21 2
  • tensorflow/core/kernels/segment_reduction_ops_impl.h+7 2 modified
    @@ -110,7 +110,9 @@ class SegmentReductionOp : public OpKernel {
                 errors::InvalidArgument("Shape must be at least rank 1"));
 
     TensorShape output_shape = input.shape();
-    output_shape.set_dim(0, output_rows);
+    // Since we're changing the first dimension of the shape, we need to make
+    // sure the new shape won't overflow.
+    OP_REQUIRES_OK(context, output_shape.SetDimWithStatus(0, output_rows));
 
     // Note that we do not initialize the output buffer with a default value, so
     // we need to explicitly set missing indices to the default value.
@@ -290,7 +292,10 @@ class SegmentReductionGPUOp : public AsyncOpKernel {
                         done);
 
       TensorShape output_shape = input.shape();
-      output_shape.set_dim(0, output_rows);
+      // Since we're changing the first dimension of the shape, we need to make
+      // sure the new shape won't overflow.
+      OP_REQUIRES_OK_ASYNC(context,
+                           output_shape.SetDimWithStatus(0, output_rows), done);
 
       Tensor* output = nullptr;
       OP_REQUIRES_OK_ASYNC(
  • tensorflow/python/kernel_tests/segment_reduction_ops_test.py+14 0 modified
    @@ -266,6 +266,20 @@ def testDataInvalid(self):
               data=np.uint16(10), segment_ids=np.array([]).astype("int64"))
           self.evaluate(s)
 
+  def testInvalidIds(self):
+    # Test case for GitHub issue 46888.
+    for op in [
+        math_ops.segment_max,
+        math_ops.segment_min,
+        math_ops.segment_mean,
+        math_ops.segment_sum,
+        math_ops.segment_prod,
+    ]:
+      with self.cached_session(use_gpu=False):
+        with self.assertRaises((ValueError, errors_impl.InternalError)):
+          s = op(data=np.ones((1, 10, 1)), segment_ids=[1676240524292489355])
+          self.evaluate(s)
+
 
 class UnsortedSegmentTest(SegmentReductionHelper):

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

9

News mentions

0

No linked articles in our index yet.