We use cookies to improve your experience on our site.
AVID-2026-R0791
Description
Heap OOB read in TFLite’s implementation of Minimum or Maximum (CVE-2021-29590)
Details
TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting implementation(https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/internal/reference/maximum_minimum.h#L52-L56) indexes in both tensors with the same index but does not validate that the index is within bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Reason for inclusion in AVID: CVE-2021-29590 describes a heap out-of-bounds read in TensorFlow Lite’s Minimum/Maximum operators. This is a software vulnerability in a widely used AI framework/runtime (TensorFlow/TFLite) that serves as a component in AI models and pipelines, i.e., a software supply-chain artifact for general-purpose AI systems. The report provides explicit vulnerability details, affected versions, and a fix, satisfying sufficiency. Therefore it is AI-related, impacts the GP AI software supply chain, is a security/safety vulnerability, and has sufficient evidence.
References
- NVD entry
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-24x6-8c7m-hv3f
- https://github.com/tensorflow/tensorflow/commit/953f28dca13c92839ba389c055587cfe6c723578
Affected or Relevant Artifacts
- Developer: tensorflow
- Deployer: tensorflow
- Artifact Details:
| Type | Name |
|---|---|
| System | tensorflow |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |
| Base Score | 2.5 |
| Base Severity | 🟢 Low |
| Attack Vector | LOCAL |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | 🟢 Low |
CWE
| ID | Description |
|---|---|
| CWE-125 | CWE-125: Out-of-bounds Read |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2021-05-14
- Version: 0.3.3
- AVID Entry