AVID-2026-R0786

Description

Heap OOB read in tf.raw_ops.Dequantize (CVE-2021-29582)

Details

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.raw_ops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data. The implementation(https://github.com/tensorflow/tensorflow/blob/26003593aa94b1742f34dc22ce88a1e17776a67d/tensorflow/core/kernels/dequantize_op.cc#L106-L131) accesses the min_range and max_range tensors in parallel but fails to check that they have the same shape. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2021-29582 describes a heap out-of-bounds read in TensorFlow’s Dequantize operation, affecting multiple TensorFlow versions and requiring a fix. This is a software vulnerability in a core AI framework (TensorFlow) used to develop, train, deploy, and serve AI systems. It directly concerns software supply-chain components (AI frameworks and dependencies) and has clear evidence (CVE entry, affected versions, fix details). Therefore it is relevant to the AI supply-chain vulnerability scope.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c45w-2wxr-pp53
• https://github.com/tensorflow/tensorflow/commit/5899741d0421391ca878da47907b1452f06aaf1b

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2021-05-14
• Version: 0.3.3
• AVID Entry