We use cookies to improve your experience on our site.
AVID-2026-R0767
Description
CHECK-fail in tf.raw_ops.IRFFT (CVE-2021-29562)
Details
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.IRFFT. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Reason for inclusion in AVID: CVE-2021-29562 describes a CHECK-failure in TensorFlow (tf.raw_ops.IRFFT) that can cause a denial of service. This concerns AI/ML software (TensorFlow), is a vulnerability in a software component used to build/run AI systems, and has documented CVE and remediation details. It is a software supply-chain issue relevant to general-purpose AI stacks.
References
- NVD entry
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-36vm-xw34-x4pj
- https://github.com/tensorflow/tensorflow/commit/1c56f53be0b722ca657cbc7df461ed676c8642a2
Affected or Relevant Artifacts
- Developer: tensorflow
- Deployer: tensorflow
- Artifact Details:
| Type | Name |
|---|---|
| System | tensorflow |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
| Base Score | 2.5 |
| Base Severity | 🟢 Low |
| Attack Vector | LOCAL |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | 🟢 Low |
CWE
| ID | Description |
|---|---|
| CWE-617 | CWE-617: Reachable Assertion |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2021-05-14
- Version: 0.3.3
- AVID Entry