AVID-2026-R0841

Description

Heap buffer overflow in FractionalAvgPoolGrad in TensorFlow (CVE-2021-37651)

Details

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.raw_ops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empty. Thus, code constructs an empty EigenDoubleMatrixMap and then accesses this buffer with indices that are outside of the empty area. We have patched the issue in GitHub commit 0f931751fb20f565c4e94aa6df58d54a003cdb30. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

Reason for inclusion in AVID: CVE-2021-37651 describes a heap buffer overflow in TensorFlow’s FractionalAvgPoolGrad, enabling out-of-bounds reads. TensorFlow is a core AI framework used in ML models and pipelines, so the issue concerns AI software systems and their dependencies. The vulnerability affects the software stack (TensorFlow) used to build/train/deploy AI systems, not hardware/firmware alone. A CVE entry with clear vulnerability behavior (OOB read), a patch, and a CVSS base score are provided, supporting evidence for inclusion in AI supply chain curation.

References

• NVD entry
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hpv4-7p9c-mvfr
• https://github.com/tensorflow/tensorflow/commit/0f931751fb20f565c4e94aa6df58d54a003cdb30

Affected or Relevant Artifacts

• Developer: tensorflow
• Deployer: tensorflow
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2021-08-12
• Version: 0.3.3
• AVID Entry