AVID-2026-R0802

Description

Incomplete validation in SparseReshape (CVE-2021-29611)

Details

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The implementation(https://github.com/tensorflow/tensorflow/blob/e87b51ce05c3eb172065a6ea5f48415854223285/tensorflow/core/kernels/sparse_reshape_op.cc#L40) has no validation that the input arguments specify a valid sparse tensor. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3, as these are the only affected versions.

Reason for inclusion in AVID: CVE-2021-29611 describes an insecure input validation in TensorFlow’s SparseReshape leading to a denial of service. TensorFlow is an AI framework used in ML pipelines, so this is a software vulnerability in a component commonly used to build/deploy AI systems. It affects TensorFlow versions and has a fix, signaling a supply chain security issue within AI software stacks. Therefore it qualifies for AVID curation as a software supply chain vulnerability in general-purpose AI systems.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9rpc-5v9q-5r7f
• https://github.com/tensorflow/tensorflow/commit/1d04d7d93f4ed3854abf75d6b712d72c3f70d6b6

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2021-05-14
• Version: 0.3.3
• AVID Entry