cvelistv5 - CVE-2021-41197

URL	Tags
security-advisories@github.com	https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/issues/46890	Exploit, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/issues/51908	Exploit, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/issues/46890	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/issues/51908	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p	Patch, Third Party Advisory

pysec-2021-607

Vulnerability from pysec

Published

2021-11-05 20:15

Modified

2021-12-09 06:35

Details

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64_t. If an overflow occurs, MultiplyWithoutOverflow would return a negative result. In the majority of TensorFlow codebase this then results in a CHECK-failure. Newer constructs exist which return a Status instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu",
        "purl": "pkg:pypi/tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf"
            },
            {
              "fixed": "d81b1351da3e8c884ff836b64458d94e4a157c15"
            },
            {
              "fixed": "7c1692bd417eb4f9b33ead749a41166d6080af85"
            }
          ],
          "repo": "https://github.com/tensorflow/tensorflow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.4"
            },
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.2"
            },
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.1"
            },
            {
              "introduced": "2.7.0rc0"
            },
            {
              "fixed": "2.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.15.0",
        "2.1.0",
        "2.1.1",
        "2.1.2",
        "2.1.3",
        "2.1.4",
        "2.2.0",
        "2.2.1",
        "2.2.2",
        "2.2.3",
        "2.3.0",
        "2.3.1",
        "2.3.2",
        "2.3.3",
        "2.3.4",
        "2.4.0",
        "2.4.1",
        "2.4.2",
        "2.4.3",
        "2.5.0",
        "2.5.1",
        "2.6.0",
        "2.7.0rc0",
        "2.7.0rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41197",
    "GHSA-prcg-wp5q-rv7p"
  ],
  "details": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.",
  "id": "PYSEC-2021-607",
  "modified": "2021-12-09T06:35:07.147316Z",
  "published": "2021-11-05T20:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/tensorflow/tensorflow/issues/46890"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/tensorflow/tensorflow/issues/51908"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85"
    }
  ]
}

pysec-2021-390

Vulnerability from pysec

Published

2021-11-05 20:15

Modified

2021-11-13 06:52

Details

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64_t. If an overflow occurs, MultiplyWithoutOverflow would return a negative result. In the majority of TensorFlow codebase this then results in a CHECK-failure. Newer constructs exist which return a Status instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow",
        "purl": "pkg:pypi/tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf"
            },
            {
              "fixed": "d81b1351da3e8c884ff836b64458d94e4a157c15"
            },
            {
              "fixed": "7c1692bd417eb4f9b33ead749a41166d6080af85"
            }
          ],
          "repo": "https://github.com/tensorflow/tensorflow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.4"
            },
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.2"
            },
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.1"
            },
            {
              "introduced": "2.7.0rc0"
            },
            {
              "fixed": "2.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.12.0",
        "0.12.1",
        "1.0.0",
        "1.0.1",
        "1.1.0",
        "1.10.0",
        "1.10.1",
        "1.11.0",
        "1.12.0",
        "1.12.2",
        "1.12.3",
        "1.13.1",
        "1.13.2",
        "1.14.0",
        "1.15.0",
        "1.15.2",
        "1.15.3",
        "1.15.4",
        "1.15.5",
        "1.2.0",
        "1.2.1",
        "1.3.0",
        "1.4.0",
        "1.4.1",
        "1.5.0",
        "1.5.1",
        "1.6.0",
        "1.7.0",
        "1.7.1",
        "1.8.0",
        "1.9.0",
        "2.0.0",
        "2.0.1",
        "2.0.2",
        "2.0.3",
        "2.0.4",
        "2.1.0",
        "2.1.1",
        "2.1.2",
        "2.1.3",
        "2.1.4",
        "2.2.0",
        "2.2.0rc0",
        "2.2.0rc1",
        "2.2.0rc2",
        "2.2.0rc3",
        "2.2.0rc4",
        "2.2.1",
        "2.2.2",
        "2.2.3",
        "2.3.0",
        "2.3.0rc0",
        "2.3.0rc1",
        "2.3.0rc2",
        "2.3.1",
        "2.3.2",
        "2.3.3",
        "2.3.4",
        "2.4.0",
        "2.4.0rc0",
        "2.4.0rc1",
        "2.4.0rc2",
        "2.4.0rc3",
        "2.4.0rc4",
        "2.4.1",
        "2.4.2",
        "2.4.3",
        "2.5.0",
        "2.5.1",
        "2.6.0",
        "2.7.0rc0",
        "2.7.0rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41197",
    "GHSA-prcg-wp5q-rv7p"
  ],
  "details": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.",
  "id": "PYSEC-2021-390",
  "modified": "2021-11-13T06:52:41.833730Z",
  "published": "2021-11-05T20:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/tensorflow/tensorflow/issues/46890"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/tensorflow/tensorflow/issues/51908"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85"
    }
  ]
}

pysec-2021-805

Vulnerability from pysec

Published

2021-11-05 20:15

Modified

2021-12-09 06:35

Details

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64_t. If an overflow occurs, MultiplyWithoutOverflow would return a negative result. In the majority of TensorFlow codebase this then results in a CHECK-failure. Newer constructs exist which return a Status instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu",
        "purl": "pkg:pypi/tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf"
            },
            {
              "fixed": "d81b1351da3e8c884ff836b64458d94e4a157c15"
            },
            {
              "fixed": "7c1692bd417eb4f9b33ead749a41166d6080af85"
            }
          ],
          "repo": "https://github.com/tensorflow/tensorflow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.4"
            },
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.2"
            },
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.1"
            },
            {
              "introduced": "2.7.0rc0"
            },
            {
              "fixed": "2.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.12.0",
        "0.12.1",
        "1.0.0",
        "1.0.1",
        "1.1.0",
        "1.10.0",
        "1.10.1",
        "1.11.0",
        "1.12.0",
        "1.12.2",
        "1.12.3",
        "1.13.1",
        "1.13.2",
        "1.14.0",
        "1.15.0",
        "1.15.2",
        "1.15.3",
        "1.15.4",
        "1.15.5",
        "1.2.0",
        "1.2.1",
        "1.3.0",
        "1.4.0",
        "1.4.1",
        "1.5.0",
        "1.5.1",
        "1.6.0",
        "1.7.0",
        "1.7.1",
        "1.8.0",
        "1.9.0",
        "2.0.0",
        "2.0.1",
        "2.0.2",
        "2.0.3",
        "2.0.4",
        "2.1.0",
        "2.1.1",
        "2.1.2",
        "2.1.3",
        "2.1.4",
        "2.2.0",
        "2.2.1",
        "2.2.2",
        "2.2.3",
        "2.3.0",
        "2.3.1",
        "2.3.2",
        "2.3.3",
        "2.3.4",
        "2.4.0",
        "2.4.1",
        "2.4.2",
        "2.4.3",
        "2.5.0",
        "2.5.1",
        "2.6.0",
        "2.7.0rc0",
        "2.7.0rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41197",
    "GHSA-prcg-wp5q-rv7p"
  ],
  "details": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.",
  "id": "PYSEC-2021-805",
  "modified": "2021-12-09T06:35:40.728775Z",
  "published": "2021-11-05T20:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/tensorflow/tensorflow/issues/46890"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/tensorflow/tensorflow/issues/51908"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85"
    }
  ]
}

ghsa-prcg-wp5q-rv7p

Vulnerability from github

Published

2021-11-10 19:35

Modified

2024-11-13 21:45

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Summary

Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes

Details

Impact

TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64_t. If an overflow occurs, MultiplyWithoutOverflow would return a negative result. In the majority of TensorFlow codebase this then results in a CHECK-failure. Newer constructs exist which return a Status instead of crashing the binary.

For example AddDim calls should be replaced by AddDimWithStatus.

This is similar to CVE-2021-29584 (and similar other reported vulnerabilities in TensorFlow, localized to specific APIs).

Patches

We have patched the issue in GitHub commits 7c1692bd417eb4f9b33ead749a41166d6080af85 (merging #51732), d81b1351da3e8c884ff836b64458d94e4a157c15 (merging #51717), a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf (merging #51658), and d81b1351da3e8c884ff836b64458d94e4a157c15 (merging #51973). It is possible that other similar instances exist in TensorFlow, we will issue fixes as these are discovered.

The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported externally via GitHub issue, GitHub issue and GitHub issue.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41197"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-08T22:54:14Z",
    "nvd_published_at": "2021-11-05T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nTensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary.\n\nFor example [`AddDim`](https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/framework/tensor_shape.cc#L395-L408) calls should be replaced by [`AddDimWithStatus`](https://github.com/tensorflow/tensorflow/blob/0b6b491d21d6a4eb5fbab1cca565bc1e94ca9543/tensorflow/core/framework/tensor_shape.cc#L410-L440).\n\nThis is similar to [CVE-2021-29584](https://github.com/tensorflow/tensorflow/blob/3a74f0307236fe206b046689c4d76f57c9b74eee/tensorflow/security/advisory/tfsa-2021-071.md) (and similar other reported vulnerabilities in TensorFlow, localized to specific APIs).\n\n### Patches\nWe have patched the issue in GitHub commits [7c1692bd417eb4f9b33ead749a41166d6080af85](https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85) (merging [#51732](https://github.com/tensorflow/tensorflow/pull/51732)), [d81b1351da3e8c884ff836b64458d94e4a157c15](https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15) (merging [#51717](https://github.com/tensorflow/tensorflow/pull/51717)), [a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf](https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf) (merging [#51658](https://github.com/tensorflow/tensorflow/pull/51658)), and [d81b1351da3e8c884ff836b64458d94e4a157c15](https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15) (merging [#51973](https://github.com/tensorflow/tensorflow/pull/51973)). It is possible that other similar instances exist in TensorFlow, we will issue fixes as these are discovered.\n\nThe fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.\n\n### For more information \nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported externally via [GitHub issue](https://github.com/tensorflow/tensorflow/issues/46890), [GitHub issue](https://github.com/tensorflow/tensorflow/issues/51618) and [GitHub issue](https://github.com/tensorflow/tensorflow/issues/51908).",
  "id": "GHSA-prcg-wp5q-rv7p",
  "modified": "2024-11-13T21:45:57Z",
  "published": "2021-11-10T19:35:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41197"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/issues/46890"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/issues/51908"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-607.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-805.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-390.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes"
}

gsd-2021-41197

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

Aliases

CVE-2021-41197

Aliases

CVE-2021-41197

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-41197",
    "description": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.",
    "id": "GSD-2021-41197",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-41197.html",
      "https://security.archlinux.org/CVE-2021-41197"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-41197"
      ],
      "details": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.",
      "id": "GSD-2021-41197",
      "modified": "2023-12-13T01:23:27.613201Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-41197",
        "STATE": "PUBLIC",
        "TITLE": "Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "tensorflow",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003e= 2.6.0, \u003c 2.6.1"
                        },
                        {
                          "version_value": "\u003e= 2.5.0, \u003c 2.5.2"
                        },
                        {
                          "version_value": "\u003c 2.4.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "tensorflow"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-190: Integer Overflow or Wraparound"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p",
            "refsource": "CONFIRM",
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/issues/46890",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/issues/46890"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/issues/51908",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/issues/51908"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-prcg-wp5q-rv7p",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=2.6.0,\u003c2.6.1||\u003e=2.5.0,\u003c2.5.2||\u003c2.4.4",
          "affected_versions": "All versions starting from 2.6.0 before 2.6.1, all versions starting from 2.5.0 before 2.5.2, all versions before 2.4.4",
          "cvss_v2": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-190",
            "CWE-937"
          ],
          "date": "2021-11-10",
          "description": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.",
          "fixed_versions": [
            "2.6.1",
            "2.4.4",
            "2.4.4"
          ],
          "identifier": "CVE-2021-41197",
          "identifiers": [
            "GHSA-prcg-wp5q-rv7p",
            "CVE-2021-41197"
          ],
          "not_impacted": "All versions before 2.6.0, all versions starting from 2.6.1, all versions before 2.5.0, all versions starting from 2.4.4 before 2.5.2",
          "package_slug": "pypi/tensorflow-cpu",
          "pubdate": "2021-11-10",
          "solution": "Upgrade to versions 2.6.1, 2.4.4, 2.4.4 or above.",
          "title": "Integer Overflow or Wraparound",
          "urls": [
            "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-41197",
            "https://github.com/tensorflow/tensorflow/issues/46890",
            "https://github.com/tensorflow/tensorflow/issues/51908",
            "https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85",
            "https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf",
            "https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15",
            "https://github.com/advisories/GHSA-prcg-wp5q-rv7p"
          ],
          "uuid": "84b32fac-9268-46f5-81ed-30d719647f49"
        },
        {
          "affected_range": "\u003e=2.6.0,\u003c2.6.1||\u003e=2.5.0,\u003c2.5.2||\u003c2.4.4",
          "affected_versions": "All versions starting from 2.6.0 before 2.6.1, all versions starting from 2.5.0 before 2.5.2, all versions before 2.4.4",
          "cvss_v2": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-190",
            "CWE-937"
          ],
          "date": "2021-11-10",
          "description": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.",
          "fixed_versions": [
            "2.6.1",
            "2.4.4",
            "2.4.4"
          ],
          "identifier": "CVE-2021-41197",
          "identifiers": [
            "GHSA-prcg-wp5q-rv7p",
            "CVE-2021-41197"
          ],
          "not_impacted": "All versions before 2.6.0, all versions starting from 2.6.1, all versions before 2.5.0, all versions starting from 2.4.4 before 2.5.2",
          "package_slug": "pypi/tensorflow-gpu",
          "pubdate": "2021-11-10",
          "solution": "Upgrade to versions 2.6.1, 2.4.4, 2.4.4 or above.",
          "title": "Integer Overflow or Wraparound",
          "urls": [
            "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-41197",
            "https://github.com/tensorflow/tensorflow/issues/46890",
            "https://github.com/tensorflow/tensorflow/issues/51908",
            "https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85",
            "https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf",
            "https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15",
            "https://github.com/advisories/GHSA-prcg-wp5q-rv7p"
          ],
          "uuid": "afd75f66-ecda-4102-beab-9c2cc3ba19c1"
        },
        {
          "affected_range": "\u003c2.4.4||\u003e=2.5.0,\u003c2.5.2||\u003e=2.6.0,\u003c2.6.1",
          "affected_versions": "All versions before 2.4.4, all versions starting from 2.5.0 before 2.5.2, all versions starting from 2.6.0 before 2.6.1",
          "cvss_v2": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-190",
            "CWE-937"
          ],
          "date": "2021-11-09",
          "description": "TensorFlow is an open source platform for machine learning.However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary.",
          "fixed_versions": [
            "2.4.4",
            "2.5.2",
            "2.6.1"
          ],
          "identifier": "CVE-2021-41197",
          "identifiers": [
            "CVE-2021-41197",
            "GHSA-prcg-wp5q-rv7p"
          ],
          "not_impacted": "All versions starting from 2.4.4 before 2.5.0, all versions starting from 2.5.2 before 2.6.0, all versions starting from 2.6.1",
          "package_slug": "pypi/tensorflow",
          "pubdate": "2021-11-05",
          "solution": "Upgrade to versions 2.4.4, 2.5.2, 2.6.1 or above.",
          "title": "Integer Overflow or Wraparound",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-41197",
            "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p",
            "https://github.com/tensorflow/tensorflow/issues/46890",
            "https://github.com/tensorflow/tensorflow/issues/51908"
          ],
          "uuid": "7e7e3e3d-6312-480f-8bef-c9eab5205067"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.5.2",
                "versionStartIncluding": "2.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.6.1",
                "versionStartIncluding": "2.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-41197"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/issues/46890",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/issues/46890"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/issues/51908",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/issues/51908"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-11-09T14:30Z",
      "publishedDate": "2021-11-05T20:15Z"
    }
  }
}

CVE-2021-41197

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

CVE-2021-41197

Vulnerability from cvelistv5

pysec-2021-607

Vulnerability from pysec

pysec-2021-390

Vulnerability from pysec

pysec-2021-805

Vulnerability from pysec

ghsa-prcg-wp5q-rv7p

Vulnerability from github

Impact

Patches

For more information

Attribution

gsd-2021-41197

Vulnerability from gsd

Tags

Sightings

Nomenclature