AVID-2026-R0766

Description

CHECK-fail in LoadAndRemapMatrix (CVE-2021-29561)

Details

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.raw_ops.LoadAndRemapMatrix. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) assumes that the ckpt_path is always a valid scalar. However, an attacker can send any other tensor as the first argument of LoadAndRemapMatrix. This would cause the rank CHECK in scalar<T>()() to trigger and terminate the process. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2021-29561 describes a TensorFlow vulnerability causing denial-of-service via a misvalidated argument in LoadAndRemapMatrix. It affects an AI framework used in ML pipelines, representing a software supply-chain issue for general-purpose AI systems. The vulnerability is behavior-based (CWE-617 reachable assertion) with explicit CVE details and references.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gvm4-h8j3-rjrq
• https://github.com/tensorflow/tensorflow/commit/77dd114513d7796e1e2b8aece214a380af26fbf4

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2021-05-14
• Version: 0.3.3
• AVID Entry