AVID-2026-R0759

Description

Heap OOB in QuantizeAndDequantizeV3 (CVE-2021-29553)

Details

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.raw_ops.QuantizeAndDequantizeV3. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/11ff7f80667e6490d7b5174aa6bf5e01886e770f/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L237) does not validate the value of user supplied axis attribute before using it to index in the array backing the input argument. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2021-29553 describes a heap out-of-bounds read in TensorFlow’s QuantizeAndDequantizeV3, a vulnerability in a widely-used AI framework. This directly concerns AI systems (models/frameworks) and involves a software component (TensorFlow) that is part of the AI supply chain (dependencies/runtimes used to build, train, deploy, and serve models). It is a security vulnerability (out-of-bounds read) with signal in CVSS. The reference text provides concrete details and affected versions, satisfying evidence requirements.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h9px-9vqg-222h
• https://github.com/tensorflow/tensorflow/commit/99085e8ff02c3763a0ec2263e44daec416f6a387

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2021-05-14
• Version: 0.3.3
• AVID Entry