We use cookies to improve your experience on our site.
AVID-2026-R0755
Description
Heap out of bounds in QuantizedBatchNormWithGlobalNormalization (CVE-2021-29547)
Details
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, .flat<T>() is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Reason for inclusion in AVID: CVE-2021-29547 describes a heap out-of-bounds vulnerability in TensorFlow’s QuantizedBatchNormWithGlobalNormalization op, causing a segfault and potential DoS. TensorFlow is a core AI framework used to build/train/deploy AI systems; the issue affects multiple TensorFlow versions and is tied to a code path within the AI software stack. This is a software vulnerability (CWE-125) in a widely-used AI software component, with references to the CVE, commit fixes, and advisories, indicating clear evidence and remediation paths. Therefore it should be kept for AVID curation as a vulnerability in the supply chain of general-purpose AI systems.
References
- NVD entry
- https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4fg4-p75j-w5xj
Affected or Relevant Artifacts
- Developer: tensorflow
- Deployer: tensorflow
- Artifact Details:
| Type | Name |
|---|---|
| System | tensorflow |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
| Base Score | 2.5 |
| Base Severity | 🟢 Low |
| Attack Vector | LOCAL |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | 🟢 Low |
CWE
| ID | Description |
|---|---|
| CWE-125 | CWE-125: Out-of-bounds Read |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2021-05-14
- Version: 0.3.3
- AVID Entry