AVID-2026-R0792

Description

Null pointer dereference in TFLite’s Reshape operator (CVE-2021-29592)

Details

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15209) missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the vulnerability(https://github.com/tensorflow/tensorflow/blob/9c1dc920d8ffb4893d6c9d27d1f039607b326743/tensorflow/lite/core/subgraph.cc#L1062-L1074) allowed passing a null-buffer-backed tensor with a 1D shape. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2021-29592 is a software vulnerability in TensorFlow Lite’s Reshape operator (null pointer dereference). TensorFlow/TFLite are core AI software/frameworks used in building and deploying general-purpose AI systems, and this vulnerability affects a dependency commonly used in AI pipelines (inference/runtime). It is a security/safety vulnerability with local attack vector and low impact per CVSS, and the report provides explicit references (CVE record, advisory, and commit) sufficient to classify it for AVID curation.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jjr8-m8g8-p6wv
• https://github.com/tensorflow/tensorflow/commit/f8378920345f4f4604202d4ab15ef64b2aceaa16

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2021-05-14
• Version: 0.3.3
• AVID Entry