Home

CVE-2021-29521

Description

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.raw_ops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/8f7b60ee8c0206a2c99802e3a4d1bb55d2bc0624/tensorflow/core/kernels/count_ops.cc#L199-L213) assumes the first element of the dense shape is always positive and uses it to initialize a BatchedMap (i.e., std::vector>(https://github.com/tensorflow/tensorflow/blob/8f7b60ee8c0206a2c99802e3a4d1bb55d2bc0624/tensorflow/core/kernels/count_ops.cc#L27)) data structure. If the shape tensor has more than one element, num_batches is the first value in shape. Ensuring that the dense_shape argument is a valid tensor shape (that is, all elements are non-negative) solves this issue. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.015

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in Python-tensorflow 2.3.3Windows
Multiple vulnerabilities are fixed in Python-tensorflow 2.4.2Windows
Multiple vulnerabilities are fixed in Python-tensorflow-cpu 2.3.3Windows
Multiple vulnerabilities are fixed in Python-tensorflow-cpu 2.4.2Windows
Multiple vulnerabilities are fixed in Python-tensorflow-gpu 2.3.3Windows
Multiple vulnerabilities are fixed in Python-tensorflow-gpu 2.4.2Windows
Multiple vulnerabilities are fixed in Python-tensorflow for linux 2.3.3Linux
Multiple vulnerabilities are fixed in Python-tensorflow for linux 2.4.2Linux
Multiple vulnerabilities are fixed in Python-tensorflow-cpu for linux 2.3.3Linux
Multiple vulnerabilities are fixed in Python-tensorflow-cpu for linux 2.4.2Linux
Multiple vulnerabilities are fixed in Python-tensorflow-gpu for linux 2.3.3Linux
Multiple vulnerabilities are fixed in Python-tensorflow-gpu for linux 2.4.2Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234