We use cookies to improve your experience on our site.
AVID-2026-R0787
Description
Heap buffer overflow and undefined behavior in FusedBatchNorm (CVE-2021-29583)
Details
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.FusedBatchNorm is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behavior by dereferencing null pointers. The implementation(https://github.com/tensorflow/tensorflow/blob/57d86e0db5d1365f19adcce848dfc1bf89fdd4c7/tensorflow/core/kernels/fused_batch_norm_op.cc) fails to validate that scale, offset, mean and variance (the last two only when required) all have the same number of elements as the number of channels of x. This results in heap out of bounds reads when the buffers backing these tensors are indexed past their boundary. If the tensors are empty, the validation mentioned in the above paragraph would also trigger and prevent the undefined behavior. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Reason for inclusion in AVID: CVE-2021-29583 is a software vulnerability in TensorFlow’s core FusedBatchNorm implementation (heap buffer overflow/null pointer dereference). TensorFlow is a major ML framework used in AI systems, so this directly concerns AI software stacks. The issue affects software components used to build/train/deploy AI systems, i.e., the AI software supply chain (libraries/dependencies). The advisory details the vulnerability, impacted versions, and references, providing sufficient evidence for curation.
References
- NVD entry
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9xh4-23q4-v6wr
- https://github.com/tensorflow/tensorflow/commit/6972f9dfe325636b3db4e0bc517ee22a159365c0
Affected or Relevant Artifacts
- Developer: tensorflow
- Deployer: tensorflow
- Artifact Details:
| Type | Name |
|---|---|
| System | tensorflow |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
| Base Score | 2.5 |
| Base Severity | 🟢 Low |
| Attack Vector | LOCAL |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | 🟢 Low |
CWE
| ID | Description |
|---|---|
| CWE-476 | CWE-476: NULL Pointer Dereference |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2021-05-14
- Version: 0.3.3
- AVID Entry