Vulnerability-Lookup

CVE-2021-29547 (GCVE-0-2021-29547)

Vulnerability from cvelistv5 – Published: 2021-05-14 19:10 – Updated: 2024-08-03 22:11

Title

Heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`

Summary

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, `.flat<T>()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Severity ?

2.5 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-125 - Out-of-bounds Read

Assigner

GitHub_M

References

URL

Tags

	https://github.com/tensorflow/tensorflow/commit/d…	x_refsource_MISC
	https://github.com/tensorflow/tensorflow/security…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	tensorflow	tensorflow	Affected: < 2.1.4 Affected: >= 2.2.0, < 2.2.3 Affected: >= 2.3.0, < 2.3.3 Affected: >= 2.4.0, < 2.4.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:11:05.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tensorflow",
          "vendor": "tensorflow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.1.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.2.0, \u003c 2.2.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.3.0, \u003c 2.3.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.4.0, \u003c 2.4.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, `.flat\u003cT\u003e()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-14T19:10:50",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj"
        }
      ],
      "source": {
        "advisory": "GHSA-4fg4-p75j-w5xj",
        "discovery": "UNKNOWN"
      },
      "title": "Heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-29547",
          "STATE": "PUBLIC",
          "TITLE": "Heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "tensorflow",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 2.1.4"
                          },
                          {
                            "version_value": "\u003e= 2.2.0, \u003c 2.2.3"
                          },
                          {
                            "version_value": "\u003e= 2.3.0, \u003c 2.3.3"
                          },
                          {
                            "version_value": "\u003e= 2.4.0, \u003c 2.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "tensorflow"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, `.flat\u003cT\u003e()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125: Out-of-bounds Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj",
              "refsource": "CONFIRM",
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-4fg4-p75j-w5xj",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-29547",
    "datePublished": "2021-05-14T19:10:50",
    "dateReserved": "2021-03-30T00:00:00",
    "dateUpdated": "2024-08-03T22:11:05.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.1.4\", \"matchCriteriaId\": \"323ABCCE-24EB-47CC-87F6-48C101477587\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.2.0\", \"versionEndExcluding\": \"2.2.3\", \"matchCriteriaId\": \"64ABA90C-0649-4BB0-89C9-83C14BBDCC0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.3.0\", \"versionEndExcluding\": \"2.3.3\", \"matchCriteriaId\": \"0F83E0CF-CBF6-4C24-8683-3E7A5DC95BA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.4.0\", \"versionEndExcluding\": \"2.4.2\", \"matchCriteriaId\": \"8259531B-A8AC-4F8B-B60F-B69DE4767C03\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, `.flat\u003cT\u003e()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\"}, {\"lang\": \"es\", \"value\": \"TensorFlow es una plataforma de c\\u00f3digo abierto de extremo a extremo para el aprendizaje autom\\u00e1tico.\u0026#xa0;Un atacante puede causar un fallo secundario y una denegaci\\u00f3n de servicio por medio del acceso a datos fuera de l\\u00edmites en \\\"tf.raw_ops.QuantizedBatchNormWithGlobalNormalization\\\".\u0026#xa0;Esto es debido a que la implementaci\\u00f3n (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) asume que las entradas no est\\u00e1n vac\\u00edas.\u0026#xa0;Si alguna de estas entradas est\\u00e1 vac\\u00eda, \\\".flat(T)()\\\" es un b\\u00fafer vac\\u00edo, por lo que acceder al elemento en el \\u00edndice 0 es acceder a datos fuera de l\\u00edmites.\u0026#xa0;La correcci\\u00f3n ser\\u00e1 incluida en TensorFlow versi\\u00f3n 2.5.0.\u0026#xa0;Tambi\\u00e9n seleccionaremos este commit en TensorFlow versi\\u00f3n 2.4.2, TensorFlow versi\\u00f3n 2.3.3, TensorFlow versi\\u00f3n 2.2.3 y TensorFlow versi\\u00f3n 2.1.4, ya que estos tambi\\u00e9n est\\u00e1n afectados y a\\u00fan est\\u00e1n en el rango compatible\"}]",
      "id": "CVE-2021-29547",
      "lastModified": "2024-11-21T06:01:21.313",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 2.5, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-05-14T20:15:12.763",
      "references": "[{\"url\": \"https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-29547\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-05-14T20:15:12.763\",\"lastModified\":\"2024-11-21T06:01:21.313\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, `.flat\u003cT\u003e()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\"},{\"lang\":\"es\",\"value\":\"TensorFlow es una plataforma de c\u00f3digo abierto de extremo a extremo para el aprendizaje autom\u00e1tico.\u0026#xa0;Un atacante puede causar un fallo secundario y una denegaci\u00f3n de servicio por medio del acceso a datos fuera de l\u00edmites en \\\"tf.raw_ops.QuantizedBatchNormWithGlobalNormalization\\\".\u0026#xa0;Esto es debido a que la implementaci\u00f3n (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) asume que las entradas no est\u00e1n vac\u00edas.\u0026#xa0;Si alguna de estas entradas est\u00e1 vac\u00eda, \\\".flat(T)()\\\" es un b\u00fafer vac\u00edo, por lo que acceder al elemento en el \u00edndice 0 es acceder a datos fuera de l\u00edmites.\u0026#xa0;La correcci\u00f3n ser\u00e1 incluida en TensorFlow versi\u00f3n 2.5.0.\u0026#xa0;Tambi\u00e9n seleccionaremos este commit en TensorFlow versi\u00f3n 2.4.2, TensorFlow versi\u00f3n 2.3.3, TensorFlow versi\u00f3n 2.2.3 y TensorFlow versi\u00f3n 2.1.4, ya que estos tambi\u00e9n est\u00e1n afectados y a\u00fan est\u00e1n en el rango compatible\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":2.5,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.0,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.1.4\",\"matchCriteriaId\":\"323ABCCE-24EB-47CC-87F6-48C101477587\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.2.3\",\"matchCriteriaId\":\"64ABA90C-0649-4BB0-89C9-83C14BBDCC0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.3.3\",\"matchCriteriaId\":\"0F83E0CF-CBF6-4C24-8683-3E7A5DC95BA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndExcluding\":\"2.4.2\",\"matchCriteriaId\":\"8259531B-A8AC-4F8B-B60F-B69DE4767C03\"}]}]}],\"references\":[{\"url\":\"https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

GHSA-4FG4-P75J-W5XJ

Vulnerability from github – Published: 2021-05-21 14:23 – Updated: 2024-10-31 20:42

Summary

Heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`

Details

Impact

An attacker can cause a segfault and denial of service via accessing data outside of bounds in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization:

import tensorflow as tf

t = tf.constant([1], shape=[1, 1, 1, 1], dtype=tf.quint8)
t_min = tf.constant([], shape=[0], dtype=tf.float32)
t_max = tf.constant([], shape=[0], dtype=tf.float32)
m = tf.constant([1], shape=[1], dtype=tf.quint8)
m_min = tf.constant([], shape=[0], dtype=tf.float32)
m_max = tf.constant([], shape=[0], dtype=tf.float32)
v = tf.constant([1], shape=[1], dtype=tf.quint8)
v_min = tf.constant([], shape=[0], dtype=tf.float32)
v_max = tf.constant([], shape=[0], dtype=tf.float32)
beta = tf.constant([1], shape=[1], dtype=tf.quint8)
beta_min = tf.constant([], shape=[0], dtype=tf.float32)
beta_max = tf.constant([], shape=[0], dtype=tf.float32)
gamma = tf.constant([1], shape=[1], dtype=tf.quint8)
gamma_min = tf.constant([], shape=[0], dtype=tf.float32)
gamma_max = tf.constant([], shape=[0], dtype=tf.float32) 

tf.raw_ops.QuantizedBatchNormWithGlobalNormalization(
  t=t, t_min=t_min, t_max=t_max, m=m, m_min=m_min, m_max=m_max,
  v=v, v_min=v_min, v_max=v_max, beta=beta, beta_min=beta_min,
  beta_max=beta_max, gamma=gamma, gamma_min=gamma_min,
  gamma_max=gamma_max, out_type=tf.qint32,
  variance_epsilon=0.1, scale_after_normalization=True)

This is because the implementation assumes the inputs are not empty:

const float input_min = context->input(1).flat<float>()(0);
const float input_max = context->input(2).flat<float>()(0);
...
const float mean_min = context->input(4).flat<float>()(0);
const float mean_max = context->input(5).flat<float>()(0);
...
const float var_min = context->input(7).flat<float>()(0);
const float var_max = context->input(8).flat<float>()(0);
...
const float beta_min = context->input(10).flat<float>()(0);
const float beta_max = context->input(11).flat<float>()(0);
...
const float gamma_min = context->input(13).flat<float>()(0);
const float gamma_max = context->input(14).flat<float>()(0);

If any of these inputs is empty, .flat<T>() is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds.

Patches

We have patched the issue in GitHub commit d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b.

The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.

Severity ?

2.5 (Low)


                  
                    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

2.0 (Low)


                  
                    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29547"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-18T21:42:27Z",
    "nvd_published_at": "2021-05-14T20:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\nAn attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`:\n\n```python\nimport tensorflow as tf\n\nt = tf.constant([1], shape=[1, 1, 1, 1], dtype=tf.quint8)\nt_min = tf.constant([], shape=[0], dtype=tf.float32)\nt_max = tf.constant([], shape=[0], dtype=tf.float32)\nm = tf.constant([1], shape=[1], dtype=tf.quint8)\nm_min = tf.constant([], shape=[0], dtype=tf.float32)\nm_max = tf.constant([], shape=[0], dtype=tf.float32)\nv = tf.constant([1], shape=[1], dtype=tf.quint8)\nv_min = tf.constant([], shape=[0], dtype=tf.float32)\nv_max = tf.constant([], shape=[0], dtype=tf.float32)\nbeta = tf.constant([1], shape=[1], dtype=tf.quint8)\nbeta_min = tf.constant([], shape=[0], dtype=tf.float32)\nbeta_max = tf.constant([], shape=[0], dtype=tf.float32)\ngamma = tf.constant([1], shape=[1], dtype=tf.quint8)\ngamma_min = tf.constant([], shape=[0], dtype=tf.float32)\ngamma_max = tf.constant([], shape=[0], dtype=tf.float32) \n\ntf.raw_ops.QuantizedBatchNormWithGlobalNormalization(\n  t=t, t_min=t_min, t_max=t_max, m=m, m_min=m_min, m_max=m_max,\n  v=v, v_min=v_min, v_max=v_max, beta=beta, beta_min=beta_min,\n  beta_max=beta_max, gamma=gamma, gamma_min=gamma_min,\n  gamma_max=gamma_max, out_type=tf.qint32,\n  variance_epsilon=0.1, scale_after_normalization=True)\n```                         \n                            \nThis is because the [implementation](https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty: \n  \n```cc\nconst float input_min = context-\u003einput(1).flat\u003cfloat\u003e()(0);\nconst float input_max = context-\u003einput(2).flat\u003cfloat\u003e()(0);\n...\nconst float mean_min = context-\u003einput(4).flat\u003cfloat\u003e()(0);\nconst float mean_max = context-\u003einput(5).flat\u003cfloat\u003e()(0);\n...\nconst float var_min = context-\u003einput(7).flat\u003cfloat\u003e()(0);\nconst float var_max = context-\u003einput(8).flat\u003cfloat\u003e()(0);\n...\nconst float beta_min = context-\u003einput(10).flat\u003cfloat\u003e()(0);\nconst float beta_max = context-\u003einput(11).flat\u003cfloat\u003e()(0);\n...\nconst float gamma_min = context-\u003einput(13).flat\u003cfloat\u003e()(0);\nconst float gamma_max = context-\u003einput(14).flat\u003cfloat\u003e()(0);\n```\n\nIf any of these inputs is empty, `.flat\u003cT\u003e()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds.\n\n### Patches\nWe have patched the issue in GitHub commit [d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b](https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.",
  "id": "GHSA-4fg4-p75j-w5xj",
  "modified": "2024-10-31T20:42:12Z",
  "published": "2021-05-21T14:23:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29547"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-475.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-673.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-184.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`"
}

PYSEC-2021-673

Vulnerability from pysec - Published: 2021-05-14 20:15 - Updated: 2021-12-09 06:35

Details

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, .flat<T>() is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Impacted products

Name	purl
tensorflow-gpu	pkg:pypi/tensorflow-gpu

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu",
        "purl": "pkg:pypi/tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
            }
          ],
          "repo": "https://github.com/tensorflow/tensorflow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.0rc0"
            },
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.3.0rc0"
            },
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.4"
            },
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.12.0",
        "0.12.1",
        "1.0.0",
        "1.0.1",
        "1.1.0",
        "1.10.0",
        "1.10.1",
        "1.11.0",
        "1.12.0",
        "1.12.2",
        "1.12.3",
        "1.13.1",
        "1.13.2",
        "1.14.0",
        "1.15.0",
        "1.15.2",
        "1.15.3",
        "1.15.4",
        "1.15.5",
        "1.2.0",
        "1.2.1",
        "1.3.0",
        "1.4.0",
        "1.4.1",
        "1.5.0",
        "1.5.1",
        "1.6.0",
        "1.7.0",
        "1.7.1",
        "1.8.0",
        "1.9.0",
        "2.0.0",
        "2.0.1",
        "2.0.2",
        "2.0.3",
        "2.0.4",
        "2.1.0",
        "2.1.1",
        "2.1.2",
        "2.1.3",
        "2.1.4",
        "2.2.0",
        "2.2.1",
        "2.2.2",
        "2.2.3",
        "2.3.0",
        "2.3.1",
        "2.3.2",
        "2.3.3",
        "2.4.0",
        "2.4.1",
        "2.4.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29547",
    "GHSA-4fg4-p75j-w5xj"
  ],
  "details": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, `.flat\u003cT\u003e()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
  "id": "PYSEC-2021-673",
  "modified": "2021-12-09T06:35:22.966902Z",
  "published": "2021-05-14T20:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
    }
  ]
}

PYSEC-2021-184

Vulnerability from pysec - Published: 2021-05-14 20:15 - Updated: 2021-08-27 03:22

Details

Impacted products

Name	purl
tensorflow	pkg:pypi/tensorflow

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow",
        "purl": "pkg:pypi/tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
            }
          ],
          "repo": "https://github.com/tensorflow/tensorflow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.0rc0"
            },
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.3.0rc0"
            },
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.4"
            },
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.12.0",
        "0.12.0rc0",
        "0.12.0rc1",
        "0.12.1",
        "1.0.0",
        "1.0.1",
        "1.1.0",
        "1.1.0rc0",
        "1.1.0rc1",
        "1.1.0rc2",
        "1.10.0",
        "1.10.0rc0",
        "1.10.0rc1",
        "1.10.1",
        "1.11.0",
        "1.11.0rc0",
        "1.11.0rc1",
        "1.11.0rc2",
        "1.12.0",
        "1.12.0rc0",
        "1.12.0rc1",
        "1.12.0rc2",
        "1.12.2",
        "1.12.3",
        "1.13.0rc0",
        "1.13.0rc1",
        "1.13.0rc2",
        "1.13.1",
        "1.13.2",
        "1.14.0",
        "1.14.0rc0",
        "1.14.0rc1",
        "1.15.0",
        "1.15.0rc0",
        "1.15.0rc1",
        "1.15.0rc2",
        "1.15.0rc3",
        "1.15.2",
        "1.15.3",
        "1.15.4",
        "1.15.5",
        "1.2.0",
        "1.2.0rc0",
        "1.2.0rc1",
        "1.2.0rc2",
        "1.2.1",
        "1.3.0",
        "1.3.0rc0",
        "1.3.0rc1",
        "1.3.0rc2",
        "1.4.0",
        "1.4.0rc0",
        "1.4.0rc1",
        "1.4.1",
        "1.5.0",
        "1.5.0rc0",
        "1.5.0rc1",
        "1.5.1",
        "1.6.0",
        "1.6.0rc0",
        "1.6.0rc1",
        "1.7.0",
        "1.7.0rc0",
        "1.7.0rc1",
        "1.7.1",
        "1.8.0",
        "1.8.0rc0",
        "1.8.0rc1",
        "1.9.0",
        "1.9.0rc0",
        "1.9.0rc1",
        "1.9.0rc2",
        "2.0.0",
        "2.0.0a0",
        "2.0.0b0",
        "2.0.0b1",
        "2.0.0rc0",
        "2.0.0rc1",
        "2.0.0rc2",
        "2.0.1",
        "2.0.2",
        "2.0.3",
        "2.0.4",
        "2.1.0",
        "2.1.0rc0",
        "2.1.0rc1",
        "2.1.0rc2",
        "2.1.1",
        "2.1.2",
        "2.1.3",
        "2.1.4",
        "2.2.0",
        "2.2.1",
        "2.2.2",
        "2.2.3",
        "2.3.0",
        "2.3.1",
        "2.3.2",
        "2.3.3",
        "2.4.0",
        "2.4.1",
        "2.4.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29547",
    "GHSA-4fg4-p75j-w5xj"
  ],
  "details": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, `.flat\u003cT\u003e()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
  "id": "PYSEC-2021-184",
  "modified": "2021-08-27T03:22:29.791310Z",
  "published": "2021-05-14T20:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
    }
  ]
}

PYSEC-2021-475

Vulnerability from pysec - Published: 2021-05-14 20:15 - Updated: 2021-12-09 06:34

Details

Impacted products

Name	purl
tensorflow-cpu	pkg:pypi/tensorflow-cpu

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu",
        "purl": "pkg:pypi/tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
            }
          ],
          "repo": "https://github.com/tensorflow/tensorflow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.0rc0"
            },
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.3.0rc0"
            },
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.4"
            },
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.15.0",
        "2.1.0",
        "2.1.1",
        "2.1.2",
        "2.1.3",
        "2.1.4",
        "2.2.0",
        "2.2.1",
        "2.2.2",
        "2.2.3",
        "2.3.0",
        "2.3.1",
        "2.3.2",
        "2.3.3",
        "2.4.0",
        "2.4.1",
        "2.4.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29547",
    "GHSA-4fg4-p75j-w5xj"
  ],
  "details": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, `.flat\u003cT\u003e()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
  "id": "PYSEC-2021-475",
  "modified": "2021-12-09T06:34:50.647185Z",
  "published": "2021-05-14T20:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
    }
  ]
}

GSD-2021-29547

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-29547

Aliases

CVE-2021-29547

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-29547",
    "description": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, `.flat\u003cT\u003e()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
    "id": "GSD-2021-29547",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-29547.html",
      "https://security.archlinux.org/CVE-2021-29547"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-29547"
      ],
      "details": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, `.flat\u003cT\u003e()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
      "id": "GSD-2021-29547",
      "modified": "2023-12-13T01:23:36.658765Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-29547",
        "STATE": "PUBLIC",
        "TITLE": "Heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "tensorflow",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 2.1.4"
                        },
                        {
                          "version_value": "\u003e= 2.2.0, \u003c 2.2.3"
                        },
                        {
                          "version_value": "\u003e= 2.3.0, \u003c 2.3.3"
                        },
                        {
                          "version_value": "\u003e= 2.4.0, \u003c 2.4.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "tensorflow"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, `.flat\u003cT\u003e()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 2.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-125: Out-of-bounds Read"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj",
            "refsource": "CONFIRM",
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-4fg4-p75j-w5xj",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2.1.4||\u003e=2.2.0,\u003c2.2.3||\u003e=2.3.0,\u003c2.3.3||\u003e=2.4.0,\u003c2.4.2",
          "affected_versions": "All versions before 2.1.4, all versions starting from 2.2.0 before 2.2.3, all versions starting from 2.3.0 before 2.3.3, all versions starting from 2.4.0 before 2.4.2",
          "cvss_v2": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-125",
            "CWE-937"
          ],
          "date": "2021-05-21",
          "description": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation assumes the inputs are not empty. If any of these inputs is empty, `.flat\u003cT\u003e` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
          "fixed_versions": [
            "2.1.4",
            "2.2.3",
            "2.3.3",
            "2.4.2"
          ],
          "identifier": "CVE-2021-29547",
          "identifiers": [
            "GHSA-4fg4-p75j-w5xj",
            "CVE-2021-29547"
          ],
          "not_impacted": "All versions starting from 2.1.4 before 2.2.0, all versions starting from 2.2.3 before 2.3.0, all versions starting from 2.3.3 before 2.4.0, all versions starting from 2.4.2",
          "package_slug": "pypi/tensorflow-cpu",
          "pubdate": "2021-05-21",
          "solution": "Upgrade to versions 2.1.4, 2.2.3, 2.3.3, 2.4.2 or above.",
          "title": "Out-of-bounds Read",
          "urls": [
            "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-29547",
            "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b",
            "https://github.com/advisories/GHSA-4fg4-p75j-w5xj"
          ],
          "uuid": "e55e8c4f-099f-4d5a-95dc-3b6d6203ee64"
        },
        {
          "affected_range": "\u003c2.1.4||\u003e=2.2.0,\u003c2.2.3||\u003e=2.3.0,\u003c2.3.3||\u003e=2.4.0,\u003c2.4.2",
          "affected_versions": "All versions before 2.1.4, all versions starting from 2.2.0 before 2.2.3, all versions starting from 2.3.0 before 2.3.3, all versions starting from 2.4.0 before 2.4.2",
          "cvss_v2": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-125",
            "CWE-937"
          ],
          "date": "2021-05-21",
          "description": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation assumes the inputs are not empty. If any of these inputs is empty, `.flat\u003cT\u003e` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
          "fixed_versions": [
            "2.1.4",
            "2.2.3",
            "2.3.3",
            "2.4.2"
          ],
          "identifier": "CVE-2021-29547",
          "identifiers": [
            "GHSA-4fg4-p75j-w5xj",
            "CVE-2021-29547"
          ],
          "not_impacted": "All versions starting from 2.1.4 before 2.2.0, all versions starting from 2.2.3 before 2.3.0, all versions starting from 2.3.3 before 2.4.0, all versions starting from 2.4.2",
          "package_slug": "pypi/tensorflow-gpu",
          "pubdate": "2021-05-21",
          "solution": "Upgrade to versions 2.1.4, 2.2.3, 2.3.3, 2.4.2 or above.",
          "title": "Out-of-bounds Read",
          "urls": [
            "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-29547",
            "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b",
            "https://github.com/advisories/GHSA-4fg4-p75j-w5xj"
          ],
          "uuid": "9592485c-8c27-48b7-8a41-b6c38dc5804d"
        },
        {
          "affected_range": "\u003c=2.1.4||\u003e=2.2.0,\u003c=2.2.3||\u003e=2.3.0,\u003c=2.3.3||\u003e=2.4.0,\u003c=2.4.2",
          "affected_versions": "All versions up to 2.1.4, all versions starting from 2.2.0 up to 2.2.3, all versions starting from 2.3.0 up to 2.3.3, all versions starting from 2.4.0 up to 2.4.2",
          "cvss_v2": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-125",
            "CWE-937"
          ],
          "date": "2021-07-27",
          "description": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`.",
          "fixed_versions": [
            "2.5.0"
          ],
          "identifier": "CVE-2021-29547",
          "identifiers": [
            "CVE-2021-29547",
            "GHSA-4fg4-p75j-w5xj"
          ],
          "not_impacted": "All versions after 2.1.4 before 2.2.0, all versions after 2.2.3 before 2.3.0, all versions after 2.3.3 before 2.4.0, all versions after 2.4.2",
          "package_slug": "pypi/tensorflow",
          "pubdate": "2021-05-14",
          "solution": "Upgrade to version 2.5.0 or above.",
          "title": "Out-of-bounds Read",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-29547"
          ],
          "uuid": "058e7f6c-cffb-46fe-80d1-10d940c8fac5"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.3",
                "versionStartIncluding": "2.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.3",
                "versionStartIncluding": "2.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.2",
                "versionStartIncluding": "2.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-29547"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, `.flat\u003cT\u003e()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-07-27T17:25Z",
      "publishedDate": "2021-05-14T20:15Z"
    }
  }
}

CNVD-2021-37623

Vulnerability from cnvd - Published: 2021-05-28

Title

Google TensorFlow QuantizedBatchNormWithGlobalNormalization拒绝服务漏洞

Description

Google TensorFlow是一个端到端开源机器学习平台。 Google TensorFlow QuantizedBatchNormWithGlobalNormalization存在安全漏洞。攻击者可利用该漏洞导致分段错误，从而可导致拒绝服务。

Severity

低

Patch Name

Google TensorFlow QuantizedBatchNormWithGlobalNormalization拒绝服务漏洞的补丁

Patch Description

Google TensorFlow是一个端到端开源机器学习平台。 Google TensorFlow QuantizedBatchNormWithGlobalNormalization存在安全漏洞。攻击者可利用该漏洞导致分段错误，从而可导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-29547

Impacted products

Name
['Google TensorFlow 2.4.2', 'Google TensorFlow 2.3.3', 'Google TensorFlow 2.2.3', 'Google TensorFlow 2.1.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-29547",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-29547"
    }
  },
  "description": "Google TensorFlow\u662f\u4e00\u4e2a\u7aef\u5230\u7aef\u5f00\u6e90\u673a\u5668\u5b66\u4e60\u5e73\u53f0\u3002\n\nGoogle TensorFlow QuantizedBatchNormWithGlobalNormalization\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5206\u6bb5\u9519\u8bef\uff0c\u4ece\u800c\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-37623",
  "openTime": "2021-05-28",
  "patchDescription": "Google TensorFlow\u662f\u4e00\u4e2a\u7aef\u5230\u7aef\u5f00\u6e90\u673a\u5668\u5b66\u4e60\u5e73\u53f0\u3002\r\n\r\nGoogle TensorFlow QuantizedBatchNormWithGlobalNormalization\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5206\u6bb5\u9519\u8bef\uff0c\u4ece\u800c\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google TensorFlow QuantizedBatchNormWithGlobalNormalization\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Google TensorFlow 2.4.2",
      "Google TensorFlow 2.3.3",
      "Google TensorFlow 2.2.3",
      "Google TensorFlow 2.1.4"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-29547",
  "serverity": "\u4f4e",
  "submitTime": "2021-05-18",
  "title": "Google TensorFlow QuantizedBatchNormWithGlobalNormalization\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2021-29547

Vulnerability from fkie_nvd - Published: 2021-05-14 20:15 - Updated: 2024-11-21 06:01

Severity ?

2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj	Exploit, Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
google	tensorflow	*
google	tensorflow	*
google	tensorflow	*
google	tensorflow	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "323ABCCE-24EB-47CC-87F6-48C101477587",
              "versionEndExcluding": "2.1.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64ABA90C-0649-4BB0-89C9-83C14BBDCC0F",
              "versionEndExcluding": "2.2.3",
              "versionStartIncluding": "2.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F83E0CF-CBF6-4C24-8683-3E7A5DC95BA9",
              "versionEndExcluding": "2.3.3",
              "versionStartIncluding": "2.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8259531B-A8AC-4F8B-B60F-B69DE4767C03",
              "versionEndExcluding": "2.4.2",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, `.flat\u003cT\u003e()` is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range."
    },
    {
      "lang": "es",
      "value": "TensorFlow es una plataforma de c\u00f3digo abierto de extremo a extremo para el aprendizaje autom\u00e1tico.\u0026#xa0;Un atacante puede causar un fallo secundario y una denegaci\u00f3n de servicio por medio del acceso a datos fuera de l\u00edmites en \"tf.raw_ops.QuantizedBatchNormWithGlobalNormalization\".\u0026#xa0;Esto es debido a que la implementaci\u00f3n (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) asume que las entradas no est\u00e1n vac\u00edas.\u0026#xa0;Si alguna de estas entradas est\u00e1 vac\u00eda, \".flat(T)()\" es un b\u00fafer vac\u00edo, por lo que acceder al elemento en el \u00edndice 0 es acceder a datos fuera de l\u00edmites.\u0026#xa0;La correcci\u00f3n ser\u00e1 incluida en TensorFlow versi\u00f3n 2.5.0.\u0026#xa0;Tambi\u00e9n seleccionaremos este commit en TensorFlow versi\u00f3n 2.4.2, TensorFlow versi\u00f3n 2.3.3, TensorFlow versi\u00f3n 2.2.3 y TensorFlow versi\u00f3n 2.1.4, ya que estos tambi\u00e9n est\u00e1n afectados y a\u00fan est\u00e1n en el rango compatible"
    }
  ],
  "id": "CVE-2021-29547",
  "lastModified": "2024-11-21T06:01:21.313",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 2.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-14T20:15:12.763",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-29547 (GCVE-0-2021-29547)

GHSA-4FG4-P75J-W5XJ

Impact

Patches

For more information

Attribution

PYSEC-2021-673

PYSEC-2021-184

PYSEC-2021-475

GSD-2021-29547

CNVD-2021-37623

FKIE_CVE-2021-29547

Tags

Sightings

Nomenclature