AVID-2026-R0756

Description

Division by 0 in QuantizedBatchNormWithGlobalNormalization (CVE-2021-29548)

Details

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc) does not validate all constraints specified in the op’s contract(https://www.tensorflow.org/api_docs/python/tf/raw_ops/QuantizedBatchNormWithGlobalNormalization). The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2021-29548 describes a runtime division by zero in TensorFlow’s QuantizedBatchNormWithGlobalNormalization, causing a denial-of-service. TensorFlow is a core AI/ML framework, and this vulnerability affects software used to build/run AI systems. It targets a software component in the AI stack (ML framework kernel), with a public advisory and fix across affected TensorFlow versions, indicating a software supply-chain risk in AI deployments. Evidence includes the CVE entry, TensorFlow advisory, and referenced commits.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p45v-v4pw-77jr
• https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2021-05-14
• Version: 0.3.3
• AVID Entry