We use cookies to improve your experience on our site.
AVID-2026-R0803
Description
Heap buffer overflow in BandedTriangularSolve (CVE-2021-29612)
Details
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of tf.raw_ops.BandedTriangularSolve. The implementation(https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc#L269-L278) calls ValidateInputTensors for input validation but fails to validate that the two tensors are not empty. Furthermore, since OP_REQUIRES macro only stops execution of current function after setting ctx->status() to a non-OK value, callers of helper functions that use OP_REQUIRES must check value of ctx->status() before continuing. This doesn’t happen in this op’s implementation(https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc#L219), hence the validation that is present is also not effective. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Reason for inclusion in AVID: The CVE describes a heap-based buffer overflow in TensorFlow’s BandedTriangularSolve operation, a core component of an AI framework. This is a software vulnerability affecting a library commonly used to build/train/deploy AI systems, i.e., a supplier component in the GP AI software stack. The issue is software-based (not hardware/firmware-only) and is documented with sources and affected versions, providing clear evidence for classification.
References
- NVD entry
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2xgj-xhgf-ggjv
- https://github.com/tensorflow/tensorflow/commit/0ab290774f91a23bebe30a358fde4e53ab4876a0
- https://github.com/tensorflow/tensorflow/commit/ba6822bd7b7324ba201a28b2f278c29a98edbef2
Affected or Relevant Artifacts
- Developer: tensorflow
- Deployer: tensorflow
- Artifact Details:
| Type | Name |
|---|---|
| System | tensorflow |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L |
| Base Score | 3.6 |
| Base Severity | 🟢 Low |
| Attack Vector | LOCAL |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | 🟢 Low |
| Availability Impact | 🟢 Low |
CWE
| ID | Description |
|---|---|
| CWE-120 | CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2021-05-14
- Version: 0.3.3
- AVID Entry