AVID-2026-R0731

Description

CHECK-fail in SparseCross due to type confusion (CVE-2021-29519)

Details

TensorFlow is an end-to-end open source platform for machine learning. The API of tf.raw_ops.SparseCross allows combinations which would result in a CHECK-failure and denial of service. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/3d782b7d47b1bf2ed32bd4a246d6d6cadc4c903d/tensorflow/core/kernels/sparse_cross_op.cc#L114-L116) is tricked to consider a tensor of type tstring which in fact contains integral elements. Fixing the type confusion by preventing mixing DT_STRING and DT_INT64 types solves this issue. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2021-29519 concerns a vulnerability in TensorFlow (an AI framework), specifically a type-confusion bug in SparseCross leading to denial of service. This affects the AI software stack used to build/train/deploy AI models, is a security vulnerability (CWE-843), and there is explicit evidence including affected versions and fixes, making it relevant to the AI supply chain.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-772j-h9xw-ffp5
• https://github.com/tensorflow/tensorflow/commit/b1cc5e5a50e7cee09f2c6eb48eb40ee9c4125025

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2021-05-14
• Version: 0.3.3
• AVID Entry